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Welcome [SHH 


MORE ON DISRUPTION 


Dear Reader, 


If you stay in this job long enough, you get to see the pro- 
gression of technologies as they move from mere ideas, to 
prototypes, to real-world products ready to challenge the 
world and ascend the ladder to that mystical measure of 
success that the venture capitalists call “disruption.” 


Eight years ago — in the July 2013 issue, to be exact -| 
wrote about a quirky little story in the news that fell on one 
of those eternal fault lines of American culture. Some gun 
advocates had published plans for a 3D-printed gun, which 
they called the “Liberator.” At that time, 3D gun printing 
was little more than a concept — something for the oppos- 
ing sides of the gun control debate to face off around. The 
Liberator, which was made of plastic (and, | should add, 
the kind of plastic that was available for 3D printers eight 
years ago), didn’t look like much and didn’t shoot very ac- 
curately. As | recall, some considered the gun a significant 
danger to the owner. In one test, it shattered with first use, 
but the tester later admitted that “Printed under the right 
conditions, the Liberator gun has a lifespan of 8-10 shots” [1]. 


After a brief run in the headlines, 3D guns slipped out of 
sight for most of us. The Liberator really wasn’t reliable 
enough to serve as a sidearm for either the good guys or 
the bad guys, and, as | stated in my column eight years 
ago, there are “many easier ways of getting a gun than 
printing one on an $8,000 printer.” 


But that was then.... Technology has a way of marching 
on, soaring higher, pushing back against all barriers. The 
Los Angeles Police Department (LAPD) reported this 
month that so-called “ghost guns” assembled from 3D- 
printed parts have contributed to more than 100 violent 
crimes in the past year. According to the report, ghost 
guns in LA have been involved with 24 murders, 60 as- 
saults, and 20 armed robberies — and that’s just for one 
city. The report refers to the proliferation of these ghost 
guns, which have no serial number and are virtually un- 
traceable, as an “epidemic” [2]. The LAPD confiscated 
more than 800 ghost guns in the first half of 2021. Accord- 
ing to the report, felons who are banned from possessing 
firearms due to previous convictions are increasing turn- 
ing to ghost guns to minimize the chances of getting caught. 


Info 
[1] Liberator 3D Gun: 
https://en.wikipedia.org/wiki/Liberator_(gun) 


[2] “LAPD Declares Ghost Guns an Epidemic”: 
https://news.yahoo.com/ 
lapd-declares-ghost-guns-epidemic-013233309.html 
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Although they have largely been under the public radar, 3D- 
printed guns and gun parts have had an extensive run in the 
courts over the last eight years, and many questions remain 
about what is legal and what is regulatable. Is this the mo- 
ment when | launch into an impassioned plea for (or 
against) gun control? No —- there are other places to hear that 
kind of stuff. | talk about tech. We all knew this was coming — 
ever since the first shot from that first plastic Liberator. 3D 
printers have gotten better and less expensive, and plans for 
3D guns have gotten more sophisticated. Are we ready for 
this? Do we have the regulations in place to contain the epi- 
demic of untraceable ghost guns? We are giving our law en- 
forcement agencies a brand new challenge they didn’t have 
before, and we are taking away a very useful tool of their 
trade (gun tracing by serial number). Are we going to pro- 
vide them with additional resources to take on these tasks, 
or do we expect them to divert funding from other priorities 
in order to chase after ghost guns? 


In May of this year, the Biden administration proposed 
new rules that would hold the sellers of home-assembly 
gun kits to the same rules that conventional gun sellers 
face, including background checks on buyers and a 
unique serial number on each gun. This effort seems like 
a sensible first step for addressing the ghost gun epi- 
demic. Even if you oppose background checks, you could 
make the case that the same rules should apply to all gun 
makers equally, rather than the government giving a free 
pass for weapons assembled through 
a glitzier technological paradigm. 












When | consider the eight-year 
history of 3D-printed guns in the 
news, it makes me wonder what 
other emerging technologies are 
out there now that we should be 
planning for before they land in 
our laps. Disruption works 
much better if you come 
down out of the clouds 
and prepare for the 
messy details. 


Soe 


Joe Casad, 
Editor in Chief 
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Homegrown Notes Tool 
If you're tired of the privacy problems and feature bloat of 
high-end note-taking utilities, try rolling your own. 


Repurposed Router Projects 

If you have an old router lying around, you can put it to 
good use with a few easy projects and learn something 
along the way. 


LINUX-MAGAZINE.COM | LINUXPROMAGAZINE.COM 








LINUXVOICE 


65 Welcome 
This month in Linux Voice. 


67 Doghouse — Multi-Factor Authentication 


maddog looks at multi-factor authentication. 


68 Worker 
With over 20 years of development, Worker offers a 
tested and functional two-panel file manager. 


74 Clapper and GTK4 
The Clapper media player showcases new desktop 
design features in GTK4. 


76 G'MIC 
Behind G’MIC's deceptively simple interface hides a 
mighty image processing framework. 


80 FOSSPicks 
This month Graham looks at Bespoke, Waydroid, 
OpenShot, pedalboard, Onivim 2, Mr. Rescue, and more! 


Tutorial — Blender Perfume Bottle 


Creating this simple 3D image will give you a whiff of 
Blender’s power. 


(Rene Ay:22. 


64-bit 


LINUX e Bye 


SEE PAGE 6 FOR DETAILS 


ISSUE 253 DECEMBER 2021 





6 DECEMBER 2021 


This Month’s DVD 


Tails 4.22 and Q40S 4.6 
Two Terrific Distros on a Double-Sided DVD! 


Si 


64-bit 


amnesic 


SELLE 


ISSUE 253 DEC 2021 


LINUX 


ey 


Tails 4.22 
64-bit 

Tails 4.22 (the Amnesic Incognito Live System) is the lat- 
est release of one of the most popular security-oriented 
distributions. Based on Debian, Tails runs from an exte- 
rior device, either making all incoming and outgoing con- 
nections anonymous or blocking non-anonymous ones. 
It is especially well known for its Tor Browser, which pro- 
vides an easy way to browse anonymously, control Ja- 
vaScript, and remove ads. Other tools in Tails include 
Pidgin for encrypted instant messaging, OnionShare for 
anonymous file sharing, Thunderbird configured for en- 
crypted email, and Electrum for bitcoin transactions. 


A basic part of security and privacy is updates with the 
latest patches. In keeping with this criterion, Tails 4.22 
consists largely of application updates. Other changes 
from earlier releases include reducing the time out when 
reconnecting from 60 seconds to 10 seconds and the 
ability to retry connections from the error screen. In ad- 
dition, when an unsafe browser is run, Tails no longer re- 
starts Tor automatically or mentions the existence of 
persistent storage. Moreover, when automatic updates 
are downloaded, Tails 4.22 ensures that a working mirror 
is used. All these changes are minor tweaks to improve 
security as well as convenience. 


Over the years, Tails has become more user-friendly 
with each release. This constant improvement makes 
Tails 4.22 an ideal way for novices to secure their sys- 
tems. However, be sure to read the documentation be- 
fore using. While generally providing strong security, 
Tails has to be configured in certain ways for maximum 
security, and any installation can be only as secure as 
the base system from which it runs. 
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Q40S 4.6 
64-bit 

Q40S refers to itself as a “...fast and friendly, desktop- 
oriented operating system based on Debian Linux.” 
The emphasis is on ease of use and a short learning 
curve. The O40S developers have slimmed down the 
standard Debian, removing unneeded services and 
components for a streamlined and efficient system. 
The desktop defaults to Plasma, but Q40S also sup- 
ports the cult favorite Trinity desktop, which forked 
from KDE all the way back in 2011 and has been in in- 
dependent development ever since. 


Q40S 4.6 “Gemini” is a long-term support release, 
which means it will receive security patches and soft- 
ware updates for five years. The new release is based 
on Debian “bullseye” 11 and includes updates to the 
native O40S desktop profiler tool that allow the user 
to import and modify custom profiles. Other improve- 
ments include enhanced hardware support, as well as 
fixes and updates for many of the bundled applications. 


Additional Resources 

[1] Q40S: https://q4os.org/ 

[2] Q40S documentation https://q4os.org/documents.html 
[3] Trinity Desktop: https:/www..trinitydesktop.org/ 


Defective discs will be replaced. 
Please send an email to subs@linux-magazine.com. 


Although this Linux Magazine disc has been tested and is to the 
best of our knowledge free of malicious software and defects, 
Linux Magazine cannot be held responsible and is not liable for 
any disruption, loss, or damage to data and computer systems 
related to the use of this disc. 
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THIS MONTH'S NEWS 


08 e Linux Now Runs on 
Apple's M1 Chipset 


e@ MX Linux 21 RC Now 








Available 
09 e Fedora 35 Improves : F : 
Ses eaje name § Linux Now Runs on Apple's M1 Chipset 
e Extended Support for It seems like only yesterday that a small group of developers began work on 
Ubuntu 14.04 and 16.04 porting Linux to the new Apple M1 chipset. The journey was a struggle from day 
© More Online one, given how much proprietary hardware Apple uses. But the work has paid 
° Gnome 41 Adds Desktop off and Asahi Linux, a community-based project centered around porting a distri- 
1 0 Improvements bution to the Apple M1 chipset, has finally 


e Black Lotus Labs Confirms succeeded in getting a usable Linux desktop 

Flaw in Windows on the hardware. 

Subsystem for Linux The engineers have merged various drivers 
and bindings for the 5.16 Linux kernel and even 
managed to work out the pinctr] driver, I2C 
driver, device power management, NVMe + 
SART, and DCP. Thanks to those new drivers, 
M1 Macs are now a viable option for the Linux 
operating system. 

Before you jump on this, understand it’s 
not perfect. Apple uses a proprietary Pow- 
erVR-based GPU, so the Linux desktop will 
come without GPU acceleration. It's also im- 
portant to know that a proper installer has 
yet to materialize, which means users out- 
side of the Asahi project are still not able to 
experience the Linux desktop on the M1 hardware. To that, Hector Martin, the 
head of the project, says, “Once we have a stable kernel foundation, we will 
start publishing an ‘official’ installer that we expect will see more wide usage 
among the adventurous.” 

For helping getting started, developers interested in trying out Asahi Linux on M1 
hardware can head over to the project's IRC channel (#asahi-dev). 

To find out more about Asahi Linux project's progress, check out their official Prog- 
ress Report (https-/asahilinux.org/202 1/1 O/progress-report-september-202 1). 








§ MX Linux 21 RC Now Available 


MX Linux (Attos:/mxlinux.org/ is a midweight Linux distribution that aims to be simple 
and stable. The distribution is available in three different flavors: Xfce, KDE Plasma, and 
Fluxbox. MX Linux 21 RC is based on Debian 11 (bullseye), which includes all of the lat- 
est components and security patches. 

All three editions include a new mx-comfort theme, and the developers have 
worked diligently to clear away as many bugs as possible for the release candidate. 

The MX Linux 21 Xfce edition includes the Thunar Shares Plugin for the Thunar 
file manager (for Samba access) and a default user password for admin tasks. 
The Fluxbox edition panel now offers preconfigured setups, and the KDE Plasma 
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Photo by zhang kaiyv on Unsplash 


edition comes with an updated Dolphin file manager (which includes a fix for the 
“Save desktop changes” crash issue). All three versions benefit from new and 
updated applications, a new installer partition selection area (which includes 
some LVM support if an LVM volume already exists), and new UEFI Live system 
boot menus. 

You can download the RC releases with the following links: Xfce (https://source- 
forge.net/projects/mx-linux/files/Testing/RC 1/Xfce/MX-21_rc1_x64.iso/download), 
KDE Plasma (hAttps://sourceforge.net/projects/mx-linux/files/Testing/RC 1/KDE/ 
MX-21_KDE_RC1_x64.iso/downloada), and Fluxbox (https://sourceforge.net/projects/ 
mx-linux/files/Testing/RC 1/Fluxbox/MX-2 1_fluxbox_rc1_x64.iso/download). 

Read more in the official MX Linux 21 RC release notes (https://mxlinux.org/blog/mx- 
21-release-candidate-1-now-available-for-testing-purposes/. 


§' Fedora 35 Improves Desktop Performance 


While Fedora 35 might not include the same level of game-changing, workflow-en- 
hancing features found in Fedora 34 (thanks to Gnome 40), there's plenty to be excited 
about in this new Fedora iteration. 

One of the more notable changes comes by way of improvements to the NVidia pro- 
prietary driver. Red Hat has been working diligently to help improve the NVidia/WVayland 
stack support, and the changes in Fedora 35 should go a long way to improve desktop 
performance across the board. 

Fedora 35 also brings high-resolution mouse wheel support that will provide a much 
smoother wheel-scrolling experience. This change comes by way of the work done on 
libinput. The distribution also recently shifted from PulseAudio to PipeWire, and the 
system will see much maturation in this upcoming release. 

Gnome will also add a “kiosk” mode, which can be applied to various use 
cases (such as info boards and POS machines). The user interface has been 
tweaked with the addition of the Libadwaita theme and power profiles are even 
more accessible. 

Fedora Kinoite (https://fedoraproject.org/wiki/Changes/Fedora_Kinoite) is another 
very interesting addition. This new Fedora variant is an immutable desktop operat- 
ing system similar to Fedora Silverblue (https:/si/verblue. fedoraproject.org/) but 
based on the KDE Plasma desktop. The Silverblue project aims to be an extremely 
stable and reliable desktop and is an excellent platform for developers and con- 
tainer-focused workflows. 

To get an idea of how the release is shaping up, download a daily build of Fedora 
35 (https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Workstation/ 
xX86_64/iso/. 





§ Extended Support for Ubuntu 14.04 and 16.04 


Ubuntu 14.04 and 16.04 are Long Term Support (LTS) versions, both of which have 
already hit End of Life (14.04 in 2019 and 16.04 in 2021). The problem is, however, a 
large number of enterprise businesses are still making use of those versions of the 
open source platform. While you can upgrade to the latest LTS version of Ubuntu, 
that's not always an option for some use cases. 

Because of this, Canonical (https://canonical.com/ has extended their support for 
both versions of Ubuntu to bring those releases in line with the new 10-year support 
period that was given to both 18.04 and 20.04 (both of which are also LTS releases). 

Of course, there’s a caveat: The additional support for 14.04 and 16.04 comes by 
way of Extended Support Maintenance, which requires an active Ubuntu Advantage 
subscription (https:/ubuntu.com/advantage). For Ubuntu home users, this subscrip- 
tion is free (for up to three devices). For businesses, however, the subscription 
comes with a price. 

For those businesses who need to extend the life of Ubuntu 14.04 or 16.04, the cost 
will depend on the type of service (Essential, Standard, or Advanced). Prices range 
from $25.00 for the Essential package on a desktop to $1,500 for the Advanced pack- 
age on a physical server. 
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FreedomBox: A personal server for Privacy 
and Security 

Over the next couple of weeks, this blog 
will be a “living attempt” to acquaint 
people with the functionality and setup of 
a personal FreedomBox Internet server that 
is suitable for supporting one person or a 
community of people. 
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Processor and Memory Affinity Tools 

¢ Jeff Layton 

It's called high-performance computing (HPC), 
not low-performance computing (LPC), not 
medium-performance computing (MPC), and 
not even really awful-performance computing 
(RAPC). 


Darshan 1/0 Analysis for Deep Learning 
Frameworks 

¢ Jeff Layton 

The Darshan userspace tool is often used for 
1/0 profiling of HPC applications. 
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Public key Infrastructure in the Cloud 

¢ Andreas Philipp 

A public key infrastructure in the cloud for 
secure digital communication maintains 
the security of an on-premises solution and 
reduces complexity. 


App Proxy Support for Remote Desktop 
Services 

¢ Florian Frommherz 

Support flexible working environments with 
Remote Desktop Services and Azure AD 
Application Proxy. 


Flexible Software Routing with Open 
Source FRR 

¢ Benjamin Pfister 

The FRR open routing stack can be integrated 
into many networks because it supports a 
large number of routing protocols, though its 
strong dependence on the underlying kernel 


means it requires some manual configuration. 
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§ Gnome 41 Adds Desktop Improvements 


Gnome has been evolving at a breakneck pace. And no recent release proved that 
more than Gnome 40, where the entire workflow was reconfigured and reworked. 
For those that have experienced the shift that was brought about by Gnome 40, 
every update since has been nothing more than minor tweaks. 

While Gnome 41 isn't doing a major overhaul, it still adds some important im- 
provements to the desktop. 





Such improvements include a revamped Gnome 
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two weeks 
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Software that brings to life a much livelier landing page 
and updated app categories. New-to-Linux users 
should find using Gnome Software much easier for lo- 
cating the software they need to install. Another fea- 
ture is the ability to adjust power profiles directly from 
the Status menu. Enable the Power Saver profile 
when you're running on battery or use the Balanced 
profile when you need more juice for games or re- 
source-intensive applications. 

All of the default Gnome apps (Calendar, Calls, 
Connections, Files, and Music) have received some 
much-needed tweaking (either in functionality or ap- 
pearance) ,and the Gnome Settings tool now has a 
new Multitasking section, where you can configure 
Hot Corners, Active Screen, and Workspaces. 

Although Gnome 41 has yet to hit the repositories for the majority of Linux distri- 
butions that use the desktop, you can always use a rolling release distribution like 
Arch Linux. The first major distribution to ship with Gnome 41 will most likely be Fe- 
dora 35. For those that can’t wait, you can always download the Gnome OS 41 ISO 
(https://os.gnome.org/download/41.beta/gnome_os_installer_41.beta.iso) or a Fe- 
dora Rawhide image (https://dl. fedoraproject.org/pub/fedora/linux/development/raw- 
hide/Workstation/x86_64/iso/. 


Black Lotus Labs Confirms Flaw in Windows 
Subsystem for Linux 


Lumen Technologies’ threat intelligence arm has verified that hackers can use Linux 
binary files as a loader designed to inject malicious files into a Windows process 
within WSL. 

Four years ago, it was theorized that Linux binaries could be used as a means for 
hackers to gain access to Windows Subsystem for Linux. Up until recently, there has 
never been a single piece of evidence to prove that theory. 

The time of speculation is over: Black Lotus has not only proved it to be true but has 
discovered that it's actually happening. 

Lumen vice president, Mike Benjamin, says, “While the use of WSL is generally lim- 
ited to power users, those users often have escalated privileges in an organization.” 
Benjamin adds, “This creates blind spots as the industry continues to remove barriers 
between operating systems.” 

Black Lotus has identified a series of samples that were uploaded every two to three 
weeks, dating back to May 3, 2021 through August 22, 2021. The attacks were com- 
piled with Python 3.9, using Pylnstaller for the Debian OS v8.3.0-6. All of the samples, 
save one, contained private IP addresses. However, one sample was associated with a 
publicly routable IP address (185.63. 90[.]137), which could indicate this new attack vec- 
tor is still in development or just the first known instance of a hacker using this vulnera- 
bility to install malicious payloads into WSL. 

Find out more about this new attack in the official Lumen blog, “No Longer Just 
Theory: Black Lotus Labs Uncovers Linux Executables Deployed as Stealth Win- 
dows Loaders” (https://blog.lumen.com/no-longer-just-theory-black-lotus-labs-un- 
covers-linux-executables-deployed-as-stealth-windows-loaders/. 
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Kernel News 


Zack’ 


Chronicler Zack Brown reports 
on the latest news, views, 
dilemmas, and developments 
within the Linux kernel 
community. 

By Zack Brown 


Author 

The Linux kernel mailing list comprises 
the core of Linux development activities. 
Traffic volumes are immense, often 
reaching 10,000 messages in a week, and 
keeping up to date with the entire scope 
of development is a virtually impossible 
task for one person. One of the few brave 
souls to take on this task is Zack Brown. 
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Kernel News 


Renaming SMB 

Steve French of Microsoft posted a 
bunch of patches to the SMB/CIFS file- 
system, sparking an interesting little dis- 
cussion. For starters, Linus Torvalds 
merged the patch set within a day but 
also had some remarks: 

“You pretty much interchangeably use 
‘cifs’ or ‘smb3’ for the filesystem, as 
shown once more by the commit mes- 
sages here (but also the subject line). 

“The filesystem directory is called ‘cifs’, 
and I’ve taken to use that in my ‘Pull cifs 
updates’ thing from you to just avoiding 
the confusion. 

“And now we have ksmbd (yup, I just 
merged that pull request too), so we 
have a ‘cifs client’ and a ‘smb server’. 
Aaarrgh. 

“I understand that some people may 
care about the name, may care about 
‘smb2 vs smb3’, or whatever. But I have 
to admit finding it a bit annoying how 
the code and the directory layout uses 
these different terms pretty much ran- 
domly with no real apparent logic. 

“Somehow the NFS people had no prob- 
lem completely changing everything 
about their protocols and then still call- 
ing the end result ‘nfs client’ vs ‘nfs 
server’. 

“Oh well. I’m assuming it’s not going 
to change, and it’s not really a problem, I 
just wanted to mention my frustration 
about how clear as mud the naming is.” 

Steve had a very interesting and seem- 
ingly a very honest reply. He said, “I 
(and many at Microsoft and in Samba 
team etc.) also have a strong desire to 
stop using the word ‘CIFS’ as it has been 
associated with some very high profile 
attacks, and with the introduction of 
SMB2.1 support (which was far more se- 
cure) in 2009 no one should be using the 
very old CIFS dialect (aka ‘SMB1’ dia- 
lect). So if you are ok with renaming the 
client dir and module name - we can 
gradually stop using the word/name 
‘cifs’ except for the parts of code which 
really are needed to access the (unfortu- 
nately hundreds of millions of) very old 
devices which require SMB1 (‘CIFS’).” 
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Steve added: 

“Note that with the introduction of vari- 
ous security features in SMB3 (then even 
more security features in SMB3.1.1) it 
seems like it seemed confusing to users to 
tell them ‘mount -t cifs ...‘ which was why 
I added support for ‘mount -t smb3’ (to 
cifs.ko) in the 4.18 kernel/ but I also 
would strongly like to stop using the word 
‘cifs’ in module name going forward, even 
if it does cause a little bit of extra work for 
distros (most of which could be handled 
in the mount helper in any case) 

“If no objections, we can start moving 
most things on the client to ‘smb.ko’ 
rather than ‘cifs.ko’ ... 

“Do you have any objections to me re- 
naming the client’s source directory to 
‘fs/smb3’ (or fs/smb) and fs/smb3_ 
common ...?” 

Linus replied, “I’m ok with directory 
renames, git handles it all well enough 
that the pain should be fairly minimal. 
I’d ask for that to be done during a fairly 
calm cycle, though, when there isn’t a 
lot pending, so that any rename conflicts 
will be minimized.” 

But he also added: 

“Tm not entirely enamoured with the 
name ‘smb’ as a module (or directory) 
name, to put it lightly. 

“Part of it is that it can mean ‘system 
management bus’ too, although in the 
kernel we happily universally (?) use 
‘smbus’ for that. 

“But a big part of it is exactly the his- 
tory of random different names, which 
means that I'd like any new name to be 
more explicit than a TLA that has been 
mis-used for so long. 

“So yes, we have ‘fs/nfs/‘, but I’d 
rather _not_ have ‘fs/smb/* 

“They may superficially look entirely 
equivalent — but one of them has had a 
consistent name that is unambiguous 
and has no horrible naming history. The 
other has not.” 

And in terms of what the new name 
might actually be, Linus went on: 

‘Tll throw out two suggestions, but 
they are just that: (a) ‘smbfs’ or (b) 
‘smb-client’. 


“I think ‘smbfs’ has the nice property 
of making it clear that this is just the file- 
system part of the smb protocols — that 
otherwise cover a lot of other things too 
(at least historically printers, although I 
have no idea how true that is any more). 

“And ‘smb-client’ as a name is in no 
way great, but at least it’s not just a TLA, 
and from a naming standpoint it would 
match the ‘smb-common’ thing (al- 
though I guess you used an underscore, 
not a dash). 

“Again — those are just two random 
suggestions, and I’m not married to ei- 
ther of them, I just really don’t like just 
that ‘smb’ because of all the historical 
naming baggage. 

“So if we rename, we should rename it 
to something new and slightly more spe- 
cific than what we used to have.” 

Steve replied, “That should be easy 
enough (IIRC FreeBSD called their mod- 
ule ‘smbfs’), but presumably wait until 
5.16 or 5.17 to lessen merge conflicts 
etc.” And he said he’d bounce the idea 
around with the people on the Samba 
team and others. 

However, after a couple of weeks of be- 
hind-the-scenes reflection, Steve reported 
that there was an ancient fs/smbfs direc- 
tory already in the Git repository, which 
he felt might cause enough confusion to 
not be worth it. So his new suggestion 
was to use fs/smbfs-client as the new di- 
rectory name. 

But the discussion ended there. 

One of the fascinating things about 
this exchange is the forthrightness of Mi- 
crosoft talking about public perception 
as a justification for making a change to 
the Linux kernel. Once upon a time, the 
conversation was what the kernel devel- 
opers would do in response to Micro- 
soft’s inevitable attempts to utterly de- 
stroy the project. Now Microsoft is ad- 
mitting a public-perception weakness 
and seeking solutions with the Linux de- 
velopers in a collaborative way. And the 
Linux developers are taking it in stride 
and collaborating in turn. 

Meanwhile, Linus’s consideration of 
alternative names for the SMB filesystem 
is also interesting, in particular the dis- 
tinction between fs/smb and fs/nfs, 
where they seem perfectly complemen- 
tary, but one is acceptable for historical 
reasons while the other is not. 

It’s also generally interesting when- 
ever Linus makes a point of saying that 


whatever idea he’s putting forward is 
not a “command.” A lot of people below 
the level of his trusted lieutenants, just 
out of admiration and gratitude, would 
tend to consider Linus’s preferences to 
be equivalent to being carved in stone. 
So he’s had to (I would imagine) con- 
sciously remember to verbalize when he 
is only talking about something and not 
making a decision about it. 


Testing Standards 

Rae Moar from Google proposed a draft 
specification for Kernel Test Anything 
Protocol (KTAP) based on Test Anything 
Protocol (TAP), which was originally de- 
signed for the Perl interpreted language 
in the late 1980s and has since been ex- 
tended for lots of other languages. 

In fact, the extensions are why Rae 
wanted to set up a kernel-specific ver- 
sion of TAP. He felt there were too many 
conflicting elements to the TAP spec 
these days. 

He based this new work on an earlier 
specification (also called KTAP) that had 
been written by Tim Bird and proposed 
to the Linux kernel mailing list in June 
2020. Tim’s original motivation had been 
to accommodate the various ways that 
kselftest had come to deviate from the 
original TAP spec. At the time, Tim’s 
work received some significant interest. 

Now, Rae felt that not just kselftest 
but also KUnit and other kernel testing 
frameworks needed an update to Tim’s 
attempt - partly because Tim’s concept 
included the idea of nested tests, and 
some newer tests had started to imple- 
ment nested tests differently than Tim’s 
conception. 

Rae summarized the differences be- 
tween the original TAP (now at ver- 
sion 14), versus his proposed KTAP 
specification. 

First, he wanted to exclude YAML and 
JSON from diagnostic messages. 

He also wanted to exclude T0D0 direc- 
tives, which are really only used to alert 
whoever’s running the tests that a par- 
ticular test should be implemented at 
some point. Anyway, there’s a SKIP di- 
rective that can be used for a similar 
purpose. 

Rae also wanted to be able to nest an 
arbitrary number of tests - like Tim, he 
called them subtests. 

Brendan Higgins was very enthusiastic 
about this new KTAP specification. He 
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said, “I would definitely like to see us 
moving forward with standardizing fully 
on the KTAP spec.” 

Kees Cook was also very interested, 
saying, “thanks for looking at this again! 
Please understand that while I may be 
coming across as rather negative here, I 
would like to have a rational and docu- 
mented specification for the kernel’s test 
output, too. My main objection here is 
that we already _have_a specification, 
and it’s already being parsed by ma- 
chines, so making changes without 
strong justification is going to be met 
with resistance.” 

Kees pointed out that kselftest was 
the biggest tester in the kernel and al- 
ready had the standardized KTAP pro- 
posed by Tim the year before. So he 
said, “I would want buy-in from at 
least those responsible.” He also re- 
marked: 

“The fundamental purpose of the ker- 
nel’s TAP is to have many independent 
tests runnable and parseable, specifically 
without any embedded framework knowl- 
edge (or, even, any knowledge of TAP). 

“The tests run by kselftest come from 2 
different TAP-producing harnesses 
(kselftest.h for C, kselftest/runner.sh for 
TAP-agnostic tests) as well as several 
hand-rolled instances in Shell, Python, 
and C. There used to be more, but I have 
been steadily fixing their syntax and 
merging separate implementations for a 
while now.” 

But in terms of naming, Kees said he 
preferred to say “nested tests” rather 
than “subtests.” And he commented ex- 
tensively on many of the other aspects of 
Rae’s spec. 

Meanwhile Rae was taken aback to 
hear Kees say there was already a spec 
in use. That was news to him, and he 
asked for a link. He said: 


“Wait, what?! An implementation is 
not a specification. I thought Tim’s at- 
tempt at standardizing the TAP that ex- 
ists under kselftest, KUnit, and elsewhere 
was recognized as important or at least 
worthwhile. 

“The problem that was recognized, as 
I understand, was that there are multi- 
ple ‘interpretations’ of TAP floating 
around the kernel and that goes against 
the original point of trying to standard- 
ize around TAP. 

“I know KUnit’s usage is pretty minor 
in comparison to kselftest, but people do 
use it and there is no point in us, KUnit, 
purporting to use TAP and remain com- 
patible with any particular version of it if 
it is incompatible with kselftest’s TAP. 

“Additionally, there is no way that we 
are going to be able to stay on a compati- 
ble implementation of TAP unless we 
specify what TAP is separate from the im- 
plementation.” 

Tim also joined the discussion, not 
necessarily arguing in favor of his earlier 
draft but certainly with many technical 
comments on Rae’s new version. 

Essentially all three engaged in collab- 
orative discussion, each apparently 
hopeful that the final version would be 
good and useful. In fact, they each had 
so much to say that it seems they will 
very quickly light upon a common vision 
for this testing framework. 

At one point David Gow from Google 
summed up the situation: 

“I think many of the issues here stem 
from the original TAP spec having been 
insufficient for kernel stuff, and a bit of 
divergent evolution having occurred be- 
tween kselftest, KUnit, and the dormant 
TAP 14 spec. This proposed spec does ap- 
proach things more from the KUnit side, 
just because that’s what we’re more fa- 
miliar with, but I agree that kselftest and 


LAVA are the bigger fish in this pond. 
KUnit’s parser has also been a bit stricter 
in what it accepts, and the TAP produc- 
ing code is shared between all of the 
KUnit tests, which makes prototyping 
changes a bit easier. 

“Fortunately, most of these differences 
seem pretty minor in the grand scheme of 
things, so I’m sure we can adapt this spec 
to fit what kselftest is doing better, while 
still leaving enough of the structure the 
KUnit tooling requires.” 

At one point, Rae pronounced, “Thank 
you for all of your comments! I am glad 
to see some discussion on this email. 
First of all, my primary goal with this 
email is to advocate for a documented 
specification for the kernel’s test output. 
I presented my first email largely from 
the perspective of KUnit and thus, I am 
not surprised there are points of conten- 
tion in the proposed specification.” 

And the discussion continued, largely 
on technical lines, with everyone clearly 
aligned on the need to accommodate 
each other. 

One interesting aspect of Linux devel- 
opment is how frequently the develop- 
ers - or Linus Torvalds - will decide 
that an existing standard is broken or 
not useful and simply extend it to suit 
the kernel. They even forked the C li- 
brary itself long ago and disagreed with 
the POSIX standard on the nature of 
threading. They feuded with the GNU C 
Compiler developers for years, refusing 
to upgrade from an increasingly out-of- 
date compiler version. And Linus re- 
sisted using version control for many 
years, as teams around the world strug- 
gled to accommodate his requirements, 
until finally he first used a proprietary 
system, to everyone’s chagrin, and then 
wrote his own system that ultimately 
replaced all the others. mas 
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OpenBSD for Linux Users 


Examining OpenBSD from the point of view of a Linux user 


Free Cousin 


Veteran Linux users and administrators are likely to have heard of the BSD family of operating 
systems. However, the BSDs remain a mystery to many in the Linux community. With the upcoming 
release of OpenBSD 7.0, it is time to throw some light on this little gem. By Rubén Liorente 


inux is the most popular Free and Open Source (FOSS) 

operating system, but it isn’t the only alternative. Many 

FOSS operating systems are too niche to serve as a true 

alternative to Linux - you would not use Minix or Free- 
DOS for the same things you use Linux for. However, the BSD 
operating systems are a powerful family that is worth consider- 
ing for tasks usually assigned to Linux. 

It is said that Linux users have a poorer understanding of 
BSD than BSD users have of Linux. Given that both BSD and 
Linux are closely related to Unix, it is not surprising to learn 
that using one does not feel very different from using the 
other. They have similar userspace tools, you may install 
(mostly) the same utilities on each, and they are both built 
around free software. On the other hand, once you dive a little 
deeper into the systems, differences start surfacing. 

OpenBSD 7.0 is slated for release in 2021, so it is a good 
time to take a look at OpenBSD as an example of what the 
BSD family has to offer. 


A Brief History 

The original Berkeley Software Distribution (BSD) was created 
as a set of add-ons to Version 6 Unix rather than as a whole op- 
erating system. BSD would eventually become an operating 
system of its own, but up to version 4.4, BSD was based on 
proprietary Unix code belonging to AT&T. 

In 1991, Net/2 (Networking Tape/2), a BSD distribution with 
all the proprietary AT&T code stripped out, was released. Net/ 
2 was based on BSD 4.4, although it wasn’t a full operating 
system yet because it lacked some critical components. The 
BSDi corporation took code from Net/2 and created 386BSD. 
Sadly, AT&T sued BSDi over copyright and trademark infringe- 
ment. Although the lawsuit was settled in favor of BSDi, the 
fact their legitimacy was in question slowed development of 
386BSD and its descendants and diverted a lot of attention to- 
wards Linux. (Many believe the main reason Linux is more 
popular than any OS from the BSD family is because of AT&T’s 
lawsuit.) 

The NetBSD project was founded by four developers who 
were frustrated by with pace and philosophy of 386BSD devel- 


opment. The developers forked the 386BSD code to launch a 
project that would emphasize the compact and correct code 
favored by the BSDs to this day. One of the NetBSD cofounders, 
Theo de Raadt, was later asked to resign from his position as a 
NetBSD leader due to conflicts with mailing list members. De 
Raadt launched OpenBSD in 1995 as a hostile fork of NetBSD. 


OpenBSD Releases and Branches 

OpenBSD [1] gets a new release every six months. Every re- 
lease is supported with bug fixes and security patches for a 
whole year. Keep in mind that this applies only to the core 
system. The ports tree and package repositories receive fixes 
for the most recent release only. 

Since the OpenBSD source code is managed by a CVS re- 
pository, the developers think of the release process in terms 
of branches. All the new, experimental, and exciting features 
are incorporated into the -current branch. When the time 
comes to make a new release, if -current is deemed stable 
enough, it is tagged as a -release, and OpenBSD -stable is 
branched out (Figure 1). 





OpenBSD 
6.7 -stable 


OpenBSD 
6.9 -stable 





OpenBSD -current 


OpenBSD 
6.8 -stable 











Figure 1: OpenBSD development happens in the 
-current branch. A -release is tagged every six 
months, giving birth to a -stable branch. The 
-stable branches are supported for a whole year, 
but most users of -stable prefer to upgrade to the 
most recent -stable immediately. 
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The -stable branch features the code of the corresponding 
release (for example, OpenBSD 6.9). This branch gets patches 
and security fixes as needed, but it is guaranteed not to re- 
ceive updates that may cause breakage. Meanwhile, the de- 
velopers keep working on -current in preparation for the 
next release. 

OpenBSD is very conservative regarding changes. Therefore, 
upgrading from one release to another is rarely troublesome. 
Most changes are done under the hood rather than on areas 
regular users are likely to pay attention to. Therefore, running 
one release does not feel much different from running any 
other. This continuity is considered an advantage by many, 
because you can learn OpenBSD just once and be confi- 
dent you won’t have to relearn it every now and then. 


Cathedral vs. Bazaar 

A subtle difference between OpenBSD and any Linux distribu- 
tion arises from their different development models. Eric Ste- 
ven Raymond explained this difference in his book: The Ca- 
thedral and the Bazaar [2]. Linux distributions are put to- 
gether following the Bazaar model: They pick many compo- 
nents from different vendors - such as the Linux kernel, Xorg, 
and Gnome - make packages out of them, and ship them as a 
unified software distribution. Hence, Linux distributions are 
built from a big sum of small add-ons that are mostly sourced 
from third parties. 

OpenBSD (and the other BSDs, for that matter) follows the 
Cathedral model. The OpenBSD team develops the operating 
system code in its own house. The software that forms the 
core of the system is built from the ground up to fit Open- 
BSD’s needs. When a new version of OpenBSD is released, it 
is shipped as a whole block instead or a sum of independent 
packages. This means the core software is tailored specifi- 
cally to the operating system. It is true that many compo- 
nents are sourced from third parties (OpenBSD has Perl as a 
core component, for example), but most of the time, these 
are forked or heavily adapted versions rather than the origi- 
nal thing. An interesting side effect of the Cathedral model 
is that the documentation for the operating system is kept in 
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one place. If you want to find the documentation for a com- 
ponent in a Linux distribution, you need to track down the 
developer of the original component and find the documen- 
tation on the developer’s site, whereas in the OpenBSD 
world, you head straight to the project’s website or man 
pages [3]. 

Not many machines are useful if they run the core operating 
system only, so OpenBSD has a ports tree that allows you to in- 
stall third-party software (see the box entitled “Packages and 
Ports”). What this means in practice is that every OpenBSD in- 
stall will use the same core but will have a different set of pack- 
ages installed on top of it by the user. The base and the ports 


Packages and Ports 


OpenBSD users add third-party software to their system using 
one of either the ports tree [4] or a package repository [5]. 


Linux users who have experience with Gentoo will already 
know how ports work. In a nutshell, a ports tree is a set of 
scripts that can be used to build packages automatically from 
source code. OpenBSD offers a ports tree, which is recom- 
mended for advanced users only. With it, an OpenBSD admin- 
istrator can instruct the operating system to download, com- 
pile, package, and install a piece of software for which a port 
exists, alongside all its dependencies. An advantage of this ap- 
proach is that each package can be customized and patched to 
the administrator's requirements. 


The ports system is beautifully built, and OpenBSD ships soft- 
ware to deploy a packaging cluster in order to build massive 
amounts of packages in parallel...using multiple computers! In 
OpenBSD'’s style, the process is mighty secure: The code that 
downloads the source code that will be compiled runs at a 
privilege level that is different from the software that will make 
the packages, which in turn has yet another privilege level 
from the software that installs packages. 


Since compiling software from ports can be time consuming 
and not fit for every user, OpenBSD offers a repository of pre- 
built packages. In fact, the goal of the ports tree is building this 
repository. Packages can be installed with the pkg_add utility, 
which supports dependency resolution and signature verifica- 
tion for downloads. 
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tree are considered to be at a different level and are adminis- 
trated by different tools. This means that if you are developing a 
third-party package, you can count of every OpenBSD install 
having the same set of core utilities and libraries - for a given re- 
lease, at least. See the box entitled “What? No Copyleft?” for 
more on the differences between Linux and BSD. 


Security by Correctness 

OpenBSD has a reputation for being a secure operating system. 
In fact, its website boasts just two security holes in the default 
install “in a heck of a lot of time.” That said, the development 
policies are not focused on producing a secure operating system 
as much as they are aimed at creating a correct operating sys- 
tem. Security is just a side effect. 

OpenBSD has therefore an aggressive policy towards remov- 
ing obsolete code. For example, libressl, the SSL/TLS library 
OpenBSD uses instead of the popular openssl, lacks many en- 
cryption algorithms deemed outdated. OpenBSD also has a 
zero tolerance against binary blobs or any software that cannot 
be audited, which is never included by default, because it can- 
not be trusted and it is harder to fix if problems arise. 

OpenBSD also uses its own libc, which is not compatible 
with the popular glibc to be found in the Linux world. This 
makes running certain programs designed for Linux a bit trou- 
blesome at times. For example, some C programs that use the 
custom crypt() function in glibc won’t work without patching. 


What? No Copyleft? 


Parts of this sidebar originally appeared in the July 2017 issue of 
Linux Magazine. 


One important difference between Linux and the BSDs is the li- 
cense. Although both Linux and the BSDs meet the definition of 
free software, the different licenses come with very different 
contexts for development. 


Most Linux users associate free software with the “copyleft” pro- 
tection embodied in the GNU Public License (GPL), which en- 
sures that source code, including all modifications, must be 
shared with the community when the software is distributed. The 
BSD license does not require downstream sharing of the source 
code, and in fact, it allows a user who modifies the code to re-li- 
cense it later with a non-free license. Linux proponents are often 
shocked to learn that free software components developed under 
a permissive license are sometimes taken out of open source and 
incorporated into proprietary programs, but the BSD community 
actually sees this permissiveness as a benefit. 


The BSD Advantages page of the FreeBSD website cites an 
Apache project document to describe the advantages of per- 
missive licenses. “This type of license is ideal for promoting 
the use of a reference body of code that implements a protocol 
for common service...many of us wanted to see HTTP survive 
and become a true multiparty standard, and we would not 
have minded in the slightest if Microsoft or Netscape chose to 
incorporate our HTTP engine or any other component of our 
code into their products, if it helped further the goal of keeping 
HTTP common.” 


The GPL adds some legal complications that make it more com- 
plicated to integrate with other software. According to the Free- 
BSD project, “Developers tend to find the BSD license attractive 
as it keeps legal issues out of the way and lets them do whatever 
they want with the code. In contrast, those who expect others to 
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# /etc/pf.cont| 


# Our external interface 
ext_if="emo" 


# Don't filter localhost traffic 
set skip 100 


# Block all incoming traffic we have not requested. 
block in all 


# Allow outgoing connections. The firewall is stateful, so 
# responses to connections we have initiated are allowed in 
pass out on $ext_if inet from ($ext_if) \ 

to any flags S/SA keep state 











Figure 2: Instead of Linux’s netfilter, which is usually 
configured via iptables, OpenBSD uses the minimal- 
ist PF firewall. 


On the other hand, OpenBSD’s libc has its own extra utilities, 
such as crypt_newhash() (for generating Blowfish hashes from 
passwords in a single step) or arc4random() (for generating ran- 
dom data when /dev/urandom is unavailable). 


Security by Isolation 

Linux has plenty of tricks up its sleeve in order to isolate 
processes from each other, just in case one of them was 
hacked by a nefarious actor. BSD has its own set of security 
tools (Figure 2). In the Linux world, tools such as SELinux, 
AppArmor, and seccomp are used to ensure that no process 


evolve the code, or who do not expect to make a living from their 
work associated with the system (such as government employ- 
ees), find the GPL attractive, because it forces code developed by 
others to be given to them and keeps their employer from retain- 
ing copyright and thus potentially ‘burying’ or orphaning the soft- 
ware. If you want to force your competitors to help you, the GPL 
is attractive.” 


Through the years, code from the permissive BSD projects has 
made its way into many proprietary systems. MacOS and So- 
laris are both originally based on BSD code. Microsoft report- 
edly integrated BSD’s TCP/IP implementation into Windows. 
The copyleft viewpoint would regard these code appropriations 
as a loss for the community. Permissive proponents see it differ- 
ently: by making it easy to adapt and integrate these compo- 
nents with other systems, they are spreading the benefits of 
free-software-based community development to a wider audi- 
ence. Apple thus became invested in Unix, and Microsoft be- 
came a proponent of standards-based TCP/IP networking, rather 
than having to force the world to use its outdated proprietary 
protocols such as NetBEUI and its in-house, reverse-engineered 
version of the Novell NetWare protocols. 


The GPL lends itself to large projects that keep the community 
working together on a single code base. Permissive licenses are 
better suited for smaller, collaborative projects that serve as a 
core or incubator for a larger ecosystem that might include pro- 
prietary implementations. 


The copyleft protection of the GPL allowed Linux to become big- 
ger and more popular than any of the permissively licensed BSD 
variants. However, BSD, with its permissive license and easy in- 
tegration, played a role in spreading the gospel of Unix and 
standards-based programming to build the world in which 
Linux could flourish. 
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unveil(const char *path, const char *permissions); 











Figure 3: A process may use the unveil () system call 
to place itself in a filesystem sandbox. If the process 
is compromised later on, it won't be able to access 
files outside of the sandbox. 


can access resources that it was never intended to access. 
This way, if a daemon such as the Apache web server is 
compromised, the attacker cannot easily access information 
managed by the cupsd printing service, for example. 

For years, it was a common complaint against OpenBSD that 
it lacked a proper Mandatory Access Control (MAC) frame- 
work. Although there was some work done in this regard, it 
was abandoned because it was considered impractical and 
there was just not much interest in it. From the OpenBSD per- 
spective, MAC frameworks such as SELinux are too unwieldy 
to use by regular administrators and are more likely to cause 
problems than to solve them. 

The standard way in which processes used to be isolated in 
OpenBSD was by placing them in a chroot() jail and running 
them with reduced privileges. As security conscious adminis- 
trators know, chroot() is not a great security feature, because a 
process running with root privileges inside of one can easily 
escape the chroot as per the POSIX standard. Although running 
the process with reduced privilege solves 
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accessing unauthorized resources and generate a warning for 
the logs to record. 

The problem with this approach is that any given program 
must be patched to use these two system calls in order to be ef- 
fective. However, the OpenBSD and ports maintainers seem to 
be doing a good job with patches for popular applications such 
as Mozilla Firefox. The advantage is huge: The user gets to run 
programs that put themselves in a virtual sandbox without the 
need of any configuration. The process is completely transpar- 
ent to the user. 


Userspace Goodies 

OpenBSD is home to a number of outstanding userspace tools. 
OpenSSH [6] is indeed the most popular tool associated with the 
OpenBSD community. It has been ported to a number of other 
operating systems, and Linux administrators use it worldwide to 
access remote servers from their home. However, OpenBSD de- 
velops many other programs that are worth a closer look. 

httpd, for example, is a compact web server that aims to 
be simple yet useful. It supports FastCGI (and slow CGI, for 
that matter), TLS, and request rewrites. It is easy to config- 
ure, and it is well documented. Its biggest drawback is that 
it is not compatible with htaccess files, which are often dis- 
tributed with web applications such as Nextcloud and are 
intended to be used with the Apache web server instead. 
This limitation does not mean that OpenBSD’s httpd cannot 
host Nextcloud. In fact, it is a good platform for this sort of 
application. It just means the administrator has to rewrite 
the hstaccess rules in a format httpd understands. A web- 
master who is not up to this task can always install Apache 
from the repository instead. 

OpenSMTPD [7] is the OpenBSD alternative to SMTP servers, 
such as Postfix or Exim (Figure 4). It can be deployed with 
anti-spam filters, antivirus filters, and DKIM. 

OpenBSD has its own X server, known as Xenocara, that 
doesn't require root privileges (Figure 5). relayd is another lit- 
tle gem. It is a daemon that can be used both as a reverse 
proxy, TLS accelerator, load balancer, and switch-over device 
for high availability applications. 





this problem for the most part, this ap- 
proach had its drawbacks. Therefore, 
OpenBSD ended up creating two addi- 
tional isolation techniques: unveil () 
and pledge(). 

Both unveil() and pledge() are system 
calls that reduce the privileges of a pro- 
cess. The idea is that when a trusted pro- 
cess is started, it will tell the kernel that 
it plans to access only a certain set of re- 
sources. Attackers often use a compro- 
mised process to access resources the 
process was never intended to use. Un- 
veil() tells the kernel which parts of the 
filesystem the program intends to use 
(Figure 3), and pledge() which set of 


# Configure TLS. 


table credentials 


table virtualusers 


action send relay 





# /etc/smtpd/smtpd. conf 


pki mail.operationalsecurity.es cert 
pki mail.operationalsecurity.es key 


# Configure users and domains. 


table virtualdomains 


# Listen on standard ports. 

listen on ethO tls mail.operationalsecurity.es 

listen on ethO port 465 smtps pki mail.operationalsecurity.es auth <credentials> 
listen on eth® port 587 tls-require pki mail.operationalsecurity.es auth <credentials> 


# Incoming mail to virtual users is stored in a virtual mailbox. 

# Everything else is relayed. 

# Mail received from unauthenticated sources is not relayed by default 
# as to prevent abuse. 

action receive mbox virtual <virtualusers> 


match from any for domain <virtualdomains> action receive 
match for any action send 


"“/etc/smtpd/tls/smtpd.crt" 
"/etc/smtpd/tls/smtpd. key" 


"/etc/smtpd/credendials" 
"/etc/smtpd/virtualdomains" 
"/etc/smtpd/virtualusers" 








system calls. The unveil() and pledge() 
system gives the kernel the information 
necessary to stop a rogue process from 


Figure 4: OpenSMTPD lets you deploy an SMTPD (email) server. The config- 
uration is very simple, especially if compared with popular alternatives. 





OpenBSD for Linux Users 


OpenBSD 5,9-current (GENERIC.MP) #1982: Sat Apr 2 11:43:48 MDT 2016 
Welcome to OpenBSD: The proactively secure Unix-like operating system, 
Please use the sendbug(1) utility to report bugs in the system, 


known fix for it exists, include that as well 


is 


Figure 5: OpenBSD uses its own X server, which runs without root privi- 
leges. The default window managers are spartan, but you can install mod- 
ern desktop environments such as KDE or Xfce from the repository. 


What OpenBSD Lacks 


Perhaps the most outstanding issue plaguing OpenBSD is raw 
performance. Since the developers are more interested in mak- 
ing the source code readable and easy to understand than in 
making it blazing fast, the operating system does not take ad- 
vantage of multithreading as much as it could. 

Another thing administrators might miss is a more versatile 
filesystem. OpenBSD uses the Unix File System (UFS), which 
lacks modern journaling capabilities. Thankfully, it uses soft 
dependencies as an alternative, which ensure that the filesys- 
tem will remain in a consistent state after a crash. However, 
UFS does not offer Copy-on-Write, so you can’t take ZFS-like 
snapshots of a running system. 

Support for NVidia graphic cards can only be described as 
atrocious. The developers attribute this to NVidia’s refusal to 
collaborate and share GPU specifications in order to write code 
for their cards, and therefore their official recommendation is 
to not use NVidia hardware with OpenBSD. 

Removable devices are supported up to a point, but don’t 
expect a mass USB storage device to auto-mount as it would 
do with a modern desktop environment on Linux. OpenBSD 
just does not have an abstraction layer for mounting pen 
drives and assigning them permissions out of the box. You 
can always hack a solution for supporting auto-mount, but it 
is an involved process. 


Conclusion 
OpenBSD is a true heir to the Unix heritage, built upon Unix 
code (instead of being a clone written from scratch, like Linux). 
As one of the big four surviving BSD Operating Systems - the 
other three being NetBSD, FreeBSD, and DragonFlyBSD - it still 
brings great features to the table. 

OpenBSD’s so-so performance, combined with a lack of a 
Copy-on-Write filesystem, may preclude it from certain server 





applications. Still, OpenBSD is a nice so- 
lution for deploying simple services, 
since the configuration files are compact 
and short, and the documentation is ex- 
cellent. It is very popular for firewalls, 
routers, and ISP infrastructure. 

The OpenBSD developers aim at deliv- 
ering an operating system that has sane 
defaults and does not need the user to 
write complex configuration files in 
order to offer reasonable security. The 
unveil() and pledge() system calls are a 
good example: They are measures inte- 
grated in the programs the user runs, so 
the user needs not be aware of their exis- 
tence to benefit from them. 

Hardware support is not on par with 
Linux. If your computer has an NVidia 
card, you are better off using something 
else. The complications of hardware sup- 
port have contributed to OpenBSD’s repu- 
tation for being a server operating system rather than a desktop 
operating system. On the other hand, popular desktop applica- 
tions such as Thunderbird and LibreOffice are available from the 
ports tree and the repository, so OpenBSD is certainly ready for 
the office as long as you are aware of the hardware limitations. 

OpenBSD is home to a whole lot of projects that are valuable 
on their own. Some of these tools can be used on Linux, such 
as OpenSSH; others are OpenBSD specific, such as 
OpenHTTPD. In any case, these projects will delight propo- 
nents of the KISS principle. OpenBSD is worth a try, if just for 
the userspace software it ships. Hmm 
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Andrew David Wong discusses the Qubes OS project's security-by-compartmentalization approach, 
including an endorsement from Edward Snowden. By Bruce Byfield 


ubes OS is one of the most origi- 
nal security solutions available. 
Using the Xen hypervisor, Qubes 
divides computing into security 
domains, or “qubes” (Figure 1) - includ- 
ing the root-like Dom0 - and incorporates 
them into the desktop menu (Figure 2). 
For other routine operations, such as 
copying to an external drive, Qubes OS 
creates a disposable qube that is dis- 
carded after the operation is complete 
(Figure 3). Recently, community manager 
Andrew David Wong explained more 
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security domains. 


oe 


about Qubes OS in response to Linux 
Magazine’s questions. 


Linux Magazine: Why is free software 
important to security? 


Andrew David Wong: An operating sys- 
tem like Qubes OS aims to be the funda- 
mental bedrock of people’s digital lives. 
We strongly believe that any such secu- 
rity-critical software must be free and 
open source in order to be trustworthy. It 
is essential for any such software that the 
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Figure 1: The Qubes OS desktop. Note the color coding for different 





project and code are transparent and that 
the developers’ interests are aligned with 
those of their users. We all rely on Qubes 
for our own personal security in addition 
to our daily work on Qubes itself. 


LM: What prompted the founding of 
Qubes OS? Personal reasons? Technical 
challenges? An incident? 


ADW: Joanna Rutkowska and her team 
at Invisible Things Lab (ITL) initially rose 
to prominence through their offensive se- 
curity research. Their work on low-level 
security and stealth malware exposed 
vulnerabilities and demonstrated attacks 
many had not thought possible. After 
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Figure 2: Qubes simplifies security 
by adding its security domains, or 
qubes, to the menu. 
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showing that the state of low-level secu- 
rity was even worse than commonly be- 
lieved, their interests turned to figuring 
out how to improve it. Most experts will 
tell you that the people best suited to 
build a secure system are those who 
know how to break such systems. With 
their unparalleled expertise in virtualiza- 
tion security, the ITL team was uniquely 
suited to building a virtualization-based 
system that implements the principle of 
security by compartmentalization. 


LM: Qubes OS is built on Fedora. How 
do the two interact? 


ADW: Qubes uses Fedora as the operat- 
ing system that runs in Dom0 and as one 
of many templates. We could substitute a 
different OS in Dom0, and Qubes would 
still be largely the same. Therefore, we 
don’t think of Qubes as being based on 
Fedora. Rather, Fedora is just one among 
several distros Qubes uses and can use. 
Others include Debian, Whonix, Arch, 
Ubuntu, CentOS, Gentoo, and more. 

In all such cases, we use the binary 
packages provided by the upstream dis- 
tros. We don’t rebuild everything from 
scratch. We simply add our own Qubes- 
specific packages on top of theirs. If one 
were to say that Qubes is based on any- 
thing else, it would be more accurate to 
say Qubes is Xen-based rather than Fe- 
dora-based. This is why we also don’t 
think of Qubes as a Linux distro. If any- 
thing, it’s more of a “Xen distro.” But 
Qubes is much more than just Xen packag- 
ing. It has its own VM [virtual machine] 
management infrastructure with support 
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for templates, centralized updating, and so 
on. It also has a very unique GUI virtual- 
ization infrastructure. All of this forms a 
custom layer that abstracts from the un- 
derlying hypervisor. 

We're working to make it so that Xen 
could be replaced by a different hypervi- 
sor, such as KVM, at which time it will 
no longer be accurate to call Qubes a 
Xen distro anymore, either. This is why 
we tend not to think of Qubes OS as a 
distro of anything else but rather as a 
meta-OS for running distros. 


LM: How is Qubes organized and 
governed? 


ADW: The Qubes OS Project is a global, 
decentralized, Internet-based collabora- 
tion. We have a largely flat, informal 
structure. Marek Marczykowski-Gorecki 
is the project lead, with several others in 
charge of specific areas. We have no 
physical offices, and most work has been 
remote since the beginning. 


LM: Why is Qubes described as “reason- 
ably secure”? 


ADW: Given the team’s experience and 
expertise in showing how ostensibly-se- 
cure systems can be defeated, they un- 
derstand better than most that there is 
no such thing as perfect security, espe- 
cially in a practical, usable system. 

Even the best programmers in the 
world, working under optimal conditions, 
cannot write complex code for real-world 
end users that’s guaranteed to be 100 per- 
cent bug free. Most programmers are 








Figure 3: In Qubes, routine tasks such as converting a PDF file use 
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working under far from optimal condi- 
tions under intense time and financial 
pressure. They’re overworked, sleep de- 
prived, and stressed out. Security is rarely 
a priority and typically little more than a 
distant afterthought. Day after day, these 
programmers around the world continue 
to pump out unfathomably large quanti- 
ties of buggy, exploitable code, which we 
then run on our devices. 

Meanwhile, security experts are in 
short supply, and there are not nearly 
enough to audit even a tiny fraction of 
the code being churned out, much less 
identify and fix the vulnerabilities it 
contains. The result is that new zero- 
day vulnerabilities are discovered and 
exploited at a staggering pace. 

The core idea behind Qubes OS is that 
computer security is fundamentally bro- 
ken. We can never hope to prevent com- 
promise from occurring, so instead we as- 
sume that it will (or already has) and act 
accordingly. Qubes implements the princi- 
ple of security by compartmentalization: It 
allows us to separate different parts of our 
digital lives in securely isolated compart- 
ments called qubes. This way, one qube 
being compromised doesn’t affect the oth- 
ers. A single hack no longer threatens to 
take everything down in one fell swoop. 

The Qubes philosophy is a fundamen- 
tally practical one. For example, some se- 
curity experts regard modern web brows- 
ers as bloated, over-engineered, and too 
easy to exploit. Be that as it may, for regu- 
lar desktop computer users, browsers are 
indispensable. They’re how people access 
their money, get information, do their 
work, and communicate with others. 
Rather than eschew mainstream software 
like browsers, our approach is to ac- 
knowledge that such software is vulnera- 
ble and compartmentalize it accordingly. 
The browser in your untrusted web surf- 
ing qube will probably get compromised 
at some point, but that’s okay, because it 
won’t affect any of your other, more im- 
portant qubes. In fact, we even have dis- 
posable qubes that automatically self-de- 
struct when you’re done using them so 
that a compromise from one session 
doesn’t carry over to the next. 

Qubes is free and open source software. 
We don’t answer to shareholders or a board 
of directors. We don’t answer to anyone ex- 
cept our users. This affords us the freedom 
and the luxury to be frank and honest with 
our users about the real limitations of com- 
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puter security, including the limitations of 
Qubes OS itself. This ethos is nicely cap- 
tured in the slogan “a reasonably secure op- 
erating system.” Reasonable security is the 
best any real-world operating system can 
hope to achieve. We’re just brutally honest 
about it from the get-go. 

There’s also a tongue-in-cheek aspect 
to the slogan. Even before we had a slo- 
gan at all, Qubes OS had already earned a 
reputation as one of the most secure oper- 
ating systems in existence and quite likely 
the most secure operating system avail- 
able to anyone with an Internet connec- 
tion. Many of our community members 
found the understatement of calling it 
only “reasonably” secure quite amusing. 


LM: Your endorsements include one 
from Edward Snowden. Did his endorse- 
ment affect Qube’s popularity? 


ADW: We'd like to think so! While we 
have only a rough estimate of the user- 
base, we do recall a noticeable bump in 
interest from his endorsement, and 
we're certainly grateful for his contin- 
ued support. 


LM: Who is the target audience? Do you 
know of common deployments for Qubes? 


ADW: Ultimately, our target audience is 
everyone who needs secure desktop com- 
puting. We are especially interested in pro- 
viding a secure platform for those living 
and working in hostile environments, such 
as journalists and activists living under to- 
talitarian regimes. Historically, many secu- 
rity researchers and power users have 
been drawn to Qubes, and we're eager to 
continue supporting their needs, as well. 
The Freedom of the Press Foundation 
uses Qubes OS in its SecureDrop project, 
as do the teams at Let’s Encrypt and 
Mullvad. We take great pride in the fact 
that these organizations rely on Qubes for 
their security while they work to provide 
secure technologies for their own users. 


LM: What are the hardware challenges 
to the adoption of Qubes OS? 


ADW: Historically, hardware has been 
one of the greatest challenges. Due to 
the high security standards we set for 
Qubes OS, specific hardware features are 
required. You can read more about that 
at the following links: 
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¢ https://www.qubes-os. org/faq/# 
why-is-vt-xamd-v-important 

© https://www.qubes-os.org/faq/#why- 
is-vt-dadm-viamd-iommu-important 

© https://www.qubes-os.org/doc/ 
system-requirements/ 

¢ https://www.qubes-os.org/doc/ 
certified-hardware/ 

We have addressed these hardware 
challenges through the Qubes certified 
hardware program: https://www. 
qubes-os.org/doc/certified-hardware/. 

In addition, our community has re- 
cently put a lot of work into curating a list 
of computers that work well with Qubes: 
https://forum.qubes-os.org/t/5560. 

Our community members also rou- 
tinely test hardware to which they have 
access and contribute the results to our 
Hardware compatibility list (HCL): 
https://www.qubes-os.org/hcl/. 


LM: How does security affect user 
convenience? 


ADW: Qubes OS is inherently complex 
because it’s a compartmentalized system 
based on virtualization, which requires 
users to make conscious decisions about 
how to divide up their digital lives. It has 
a secure-by-design architecture. Secure 
designs always entail certain security- 
convenience trade-offs. Moreover, it’s 
based on a Linux environment that’s new 
to many users coming from Windows and 
Mac backgrounds. Most operating sys- 
tems might have to contend with one or 
maybe two of these factors, but Qubes 
combines all three. So, it comes as no sur- 
prise that it can be a challenge for some 
users to learn and use. 

However, we’re serious about making 
Qubes easier to use. Nina Alter, a user 
experience [UX] and design expert, has 
joined the team and has been hard at 
work on UX improvements throughout 
the system, some of which are funded by 
external grants. 


LM: Why is Qubes OS not compatible 
with a virtual machine? 


ADW: Some users have been able to install 
Qubes in a virtual machine, but it is neither 
recommended nor supported. Qubes 
should be installed on bare metal. After all, 
it uses its own bare-metal hypervisor! 
While we understand that it would be 
easier to install Qubes in a virtual ma- 


chine in order to try it out, one common 
alternative is to install Qubes on a fast 
removable drive, such as a USB 3.0 flash 
drive or an external SSD. This allows 
you to try Qubes on various systems 
without replacing the existing operating 
system on the internal drive. 


LM: What future directions are planned? 


ADW: There are two main goals we’re 

currently pursuing: 

1. While many of Qubes’ security features 
are available via user-friendly graphical 
interfaces, many others still require 
using the command line and editing 
specific configuration files. In upcom- 
ing releases, we’ll focus on making 
these features more accessible to ordi- 
nary users, for example, by adding 
graphical interfaces for more parts of 
the system and providing ready-to-use 
configurations rather than requiring 
users to create their own. 

2. Our security-by-compartmentalization 
approach uses virtual machines to iso- 
late different workloads from one an- 
other, including those of our internal 
system services. This is similar to a mi- 
crokernel architecture but with some- 
what heavier workloads. We're going to 
expand in this direction by allowing 
more types of workloads to be isolated. 
The latest example of this is isolating the 
entire graphics subsystem in a GUI qube. 
We're also going to make these work- 
loads lighter in order to allow for greater 
compartmentalization without requiring 
significantly more hardware resources, 
in particular, by leveraging the use of 
unikernels for certain workloads. 


LM: Is there anything else you would 
like to add? 


ADW: We are particularly grateful to our 
community for their steadfast support 
throughout the years. We’re pleased to see 
all the interesting things they’re making 
out of the building blocks we’ve provided, 
such as the KVM/Power port, Windows 
support, Qubes Video Companion, Wyng 
backup, and many more. Witnessing such 
a thriving ecosystem grow up around 
Qubes shows us how far we’ve come and 
how much the project has matured over 
the years, and we couldn’t have done it 
without our users, contributors, donors, 
and partners. Thank you! Sam 
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An alternative search tool for LibreOffice Writer 


AltSearch 


AltSearch offers extended functionality to LibreOffice Write’s default find and replace tools, 
making it ideal for editing and formatting longer documents. By Bruce Byfield 


ew features in a word processor 

are less glamorous than a search 

tool. That is, until you do some 

intensive editing, especially if 
your revisions include reformatting. 
Then you will be thankful for a full- 
featured tool. In the case of LibreOffice 
Writer, the available tools are barely 
adequate, which is why I recommend 
the Alternative Find & Replace for 
Writer extension, also known as Alt- 
Search [1]. 

Like all LibreOffice extensions, Alt- 
Search is easily installed. Just download 
it from the LibreOffice extension site, 
and open Tools | Extension Manager. 
The next time you start Writer, AltSearch 
appears as a menu item, as well as an 
icon with green binoculars in the upper 
left corner of the toolbar. 

You can understand the need for Alt- 
Search by examining the default search 
tools in Writer. Edit | Find is a simple 
field similar to the ones found in many 
web browsers. It is suitable for finding 
words and phrases, but its options are 
strictly limited. You can search back- 
ward or forward from your present loca- 
tion in a document, find all, or match 
case - and that’s all (Figure 1). 
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Edit | Find & Replace is more versatile, 
but it, too, is relatively limited. It can 
match case or search for whole words 
only. It has several 


larity, and searches on a half-dozen 
paragraph styles, which make it more 
useful than Find - although you must be 





additional fea- 
tures, such as sup- 
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Figure 1: Find is Writer's basic search tool. For many 
purposes, it is too simple. 
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Figure 2: Find & Replace is an improvement over Find but is still fairly basic. 
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Figure 3: Navigator is useful for finding objects ina 
document but is separate from the other find tools. 


careful not to replace the Find field’s 
contents with nothing if you use the tool 
just to search (Figure 2). 

Another default tool, Navigator, which 
you open from the sidebar, allows search- 
ing by any object in the document, most 
usefully by six paragraph style headings, 


» Fonts, color, and the magic number 


Installing fonts for LibreOffice 
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» Choosing fonts in LibreOffice 
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and even lets you 
reposition text 
below the head- 
ings without cut- 
ting and pasting 
(Figure 3) - but 
that is all. All three 
default tools are 
focused on finding 
and have limited 
power to edit. 

By contrast, Alt- 
Search offers more 
options (Figure 4). 
Admittedly, it suf- 
fers from some 
misspellings in the 
menus and is awk- 
ward to use. In 
particular, the 
menus are so long 
that it is best to 
position the win- 
dow as close to 
the upper left cor- 
ner of the screen 
as possible. How- 
ever, most of the 
menu items in- 
clude online help, and AltSearch’s capa- 
bilities make the inconvenience worth 
enduring. 

To start with, AltSearch’s main window 
is better organized than Writer’s default 
tools, with much of the complexity hid- 
den. You can easily replace the default 
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Figure 4: AltSearch is as much an editing tool as another search tool. 
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tools with AltSearch without delving into 
its complexities. But if you do take a 
closer look at AltSearch, you will find 
several important improvements. 

For example, although Find supports 
standard regular expressions, it leaves the 
user to decide which ones to use. In com- 
parison, AltSearch offers a selection win- 
dow that includes custom expressions for 
formatting, such as custom hyphens and 
non-breaking dashes (Figure 5). 

In addition, AltSearch offers a list of 
extended regular expressions (Figure 6) 
that, among other things, allows 
searches for most of the objects dis- 
played in Navigator, including images, 
tables, frames, and cross references - a 
combination of features so basic I’m sur- 
prised that Writer did not do the same 
years ago. Other extended regular ex- 
pressions include hyperlinks, text inside 
parentheses, and HTML tags. 

Similarly, while the default tools only 
support basic paragraph styles, Alt- 
Search’s properties not only support 
character and list styles, but they can 
search on any of these styles used in the 
document rather than a basic few (Fig- 
ure 7). Moreover, should these choices 
be overwhelming, you can run AltSearch 
on the basis of the text you select with 
the cursor. All these options greatly in- 
crease the chance of pinpointing a 
search item quickly, which is especially 
welcome in longer documents. 

These options are not just useful in 
searches. They can also be useful in 





First char of a paragraph A, 
End of a paragraph 


Empty paragraph AS 
Any text in one paragraph — 
Any letter [:alpha:]{1,1} \1l 
Any decimal digit [0-9] \d 
Beginning of a word \< 
End of a word \> 
Paragraph (ending mark) \p 
Series of empty paragraphs 4$\p* 
Tabulator \t 
Manual line break \n 
Manual column break \c 
Manual page break \m 


Any space [ \xXAO\x9\xA] \s 


Non-breaking space (\xA0) \sS 
Custom hyphens 

Non-breaking dash 
A inserted by decimal code \#65 


Dot Ne 
Parentheses () \(\) 
Square brackets [] \Q\] 











Figure 5: AltSearch’s list of useful 
regular expressions. 
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Expands found selection about one char to both sides 
Append mark || for multiple replace (in one step) 


Text between () (inside of one paragraph) 
Text between [] (inside of one paragraph) 
Text between {} (inside of one paragraph) 


e-mail address 
Internet, URL, 
HTML tag 

Opening HTML tag 
Closing HTML tag 


www address 


Notes (yellow bubbles) - searches substring in contents of notes 
Text fields - searches substring in contents of fields 

Text frame - searches substring in Names of frames 

Table - searches substring in Names of tables 

Picture - searches substring in Names of pistures 

Footnote - 





text of anchor; add \\ for searches in content of footnootes 

Endnote - text of anchor; add \\ for searches in content of Endnootes 

Cross-ref. marker (text); \\ for search in Name; \\\\ for search of empty text 
Cross-reference (text); \\ for search in N. of marker; \\\\ for s. of empty text 
Bookmark - searches substring in text of Bookmarks; add \\ for searches in Names 


choice and construct files that perform 
as many functions as you choose. 
When completed, a batch file can be 
executed and saved for later use. This 
function is especially useful in a longer 
project such as a book or thesis, where 
you might have many files that need to 
be edited in the same way because 
they will eventually be combined into a 
single work. 


Conclusion 

All this functionality takes a while to 
learn. Online help [2] exists, but it is 
more than a decade old and only margin- 








Figure 6: AltSearch’s list of extended expressions. 


ally more detailed than the help built 
into the interface. For that matter, Alt- 


turning AltSearch into the desktop 
equivalent of the sed command. For ex- 
ample, if you save a Writer document 
that uses styles into text format, the con- 
version eliminates the indentation of a 
new paragraph, as well as any space be- 
tween paragraphs. Adding spaces be- 
tween paragraphs manually is tedious, 
but with AltSearch you can search for 
paragraph breaks with /p and replace 
them with a paragraph break and an 
empty new line (/p/n), preparing the 
text version of the document within sec- 
onds. If you want the extra space only in 
a list style, you can specify the style as 
well. In much the same way, you can 
easily remove non-breaking spaces or 
hyphens by replacing them with nothing 
and find a character string at the start 
(/ <) or end of a word (/>). 

In addition, AltSearch can perform a 
search or a replace that contains more 


than one paragraph, or it can define a 
start and end point for a search. Both 
search and replace can be added from 
the clipboard, which is particularly use- 
ful with a clipboard that supports multi- 
ple entries. Styles can be replaced with 
another of the same kind, and objects 
can be renamed for easier navigation. 

Perhaps AltSearch’s most important 
single feature is the ability to do multi- 
ple searches via a batch file. The Batch 
manager opens with a list of some basic 
editing tasks, ranging from converting 
to a cleaner version of HTML than is 
available in Writer, converting date for- 
mats, or writing all of one kind of ob- 
ject to a new file (Figure 8). However, 
these are only samples of tasks that you 
can add to a batch file. From the Batch 
manager window, you can open the 
text editor 
of your 





Charcter style 
List style 


Hyper Link 

Hyperlink - substring in URL 
Italic 

Bold 

Bold Italic 

Font Name (manual changed name) 
Font Size 

Font Color 

Font background (Highlighting) 
Under Line 

Index (any) 

Subscript (Auto) 

Superscript (Auto) 








Text [All] 
Text (Ail) 
Text [Att] 
Text (Ail) 
Text (Att} 
Text [Att} 
Text {Ally 


elected block 


paragraphs 
pot 


Search itself seems not to have had a re- 
lease for at least as long. So far, Alt- 
Search continues to work, but a time 
may come when the latest LibreOffice re- 
lease no longer supports it. If that ever 
happens, it would be a crippling blow to 
Writer’s functionality, not just for search 
and replace but for serious editing as 
well. AltSearch is an extension that, like 
others before it, deserves to be a default 
part of the LibreOffice code. In fact, 
maybe someday, a version will be re- 
leased for LibreOffice Calc as well. umm 


Info 

[1] AltSearch: 
https://extensions.libreoffice.org/en/ 
extensions/show/alternative-dialog- 
find-replace-for-writer 

[2] Online help: http:/macrojtb.hys.cz/ 
HelpAltSearch_en. 


Alternative Find & Replace for Writer v1.4.2 3/2017 





Key shortcuts Multiple Execute >> 


Execute 


Transfer 


Save batch 
Edit 
Refresh 
? 


<< Searching 


Index defined by font size and escapement 


Similar format of characters (based on cursor) 
Same format of characters (based on cursor) 








Close 








Figure 7: AltSearch lets you search on charac- 
ter and list styles. 
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Figure 8: Users can write their own batch files to perform 
multiple functions all at once. 
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Distributed computing in the service of COVID research 


ALB VVEN 
\Rrereere 


Linux and the BOINC distributed computing platform help 
researchers fight the COVID-19 virus. By Erik Barwaldt 


4PM OVID-19 has had a dramatic im- 
kal pact on countries around the 
| jy world. Researchers are continu- 
ad ing their work to develop vac- 
cines and explore other ways of contain- 
ing the virus. Many research projects re- 
quire enormous computing capacities, 
but expensive supercomputers are not 
always available. Thanks to the concept 
of distributed computing, you can sup- 
port research efforts by providing the 
computing power of your home PC. 

The concept of using home computers 
to assist with research projects has been 
around for several years. The SETI proj- 
ect (Search for Extraterrestrial Intelli- 
gence) has offered home users a chance 
to process radio telescope data since 
1999. IBM launched the World Commu- 
nity Grid [1], a central platform for man- 
aging volunteer distributed computing 
projects, in 2004. Since 2005, the World 
Community Grid has used BOINC [2], a 
software tool developed by the Univer- 
sity of Berkeley for supporting distrib- 
uted computing. 

BOINC (Berkeley Open Infrastructure 
for Network Computing) separates the 
computational framework from the scien- 
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tific content, which makes it quite easy to 
adapt to a specific research project. 

The software distributes independent 
work units to clients, which means you 
can integrate computers with different 
capabilities into the computations with- 
out slowing down the project. 

BOINC has been available since 2005 
as a free tool for Linux. The client does 
not just use the excess computing 
power of the CPU, but it also has a 
CUDA interface, which means it can 
access NVidia Graphics Processing 
Units (GPUs) [3]. 


Fighting Coronavirus 

Scripps Research, based in California 
with subsidiaries in Florida [4], is one 
of the world’s leading biomedical re- 
search institutes. More than 3,000 scien- 
tists work at the non-profit institution, 
spread over several institutes. The Forli 
Lab, which is part of Scripps Research, 
focuses on molecular biology [5]. 

As part of the “OpenPandemics - 
COVID-19” initiative, the laboratory is 
using the World Community Grid in 
elaborate simulations [6] in cooperation 
with IBM to find chemical components 
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to combat COVID-19. Distributed com- 
puting in the World Community Grid is 
responsible for screening individual 
components for later study. 


Getting Started 

To reroute the surplus computing power 
of your computer for COVID-19 research, 
first log in to the World Community Grid 
(WCG). To access the Grid, you just need 
to provide an email address and a pass- 
word for the login. 

You will receive an email for confirma- 
tion, which lets you verify your access to 
the WCG at the same time. Afterwards - 
with the help of the the World Commu- 
nity Grid website - you install the 
BOINC client and the matching manager 
on your computer. 

To install the client, click on the 
Download link top right on the web 
page and then select one of the pack- 
age management systems from the 
drop-down menu. DEB and RPM-based 
derivatives are available for selection. 
After making your choice, you are 
taken to a page with installation in- 
structions. In most cases, you won’t 
need to download the packages be- 
cause the required applications are 
available from the software reposito- 
ries of the popular distributions. 

Run the commands listed in Listing 1 
(for DEB-based systems) or Listing 2 (for 
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Listing 1: Installation on Debian/Ubuntu 


sudo apt install boinc-client boinc-manager 


sudo systemctl enable boinc-client 


sudo systemctl start boinc-client 


sudo chmod gtr /var/lib/boinc-client/gui_rpce_auth.cfg 


sudo usermod -a -G boinc $USER 
exec su $USER 


boinemgr -d /var/lib/boinc-client 


RPM-based derivatives). The BOINC 
manager pops up when you launch the 
application. The BOINC client itself has 
no graphical user interface but is used 
exclusively for communication with the 
server. 

In the BOINC Manager, another win- 
dow opens with a wizard. Now select 
the OpenPandemics project from the list 
of existing projects via the World Com- 
munity Grid entry (Figure 1). 

Log in to the BOINC manager with the 
combination of your email address and 
the password, which you registered up 
front. In the main window of the man- 
ager, you can now start the computa- 
tions. The software fades to a progress 
bar and shows the necessary compute 
time, as well as the time already granted. 

In the upper part of the window, you 
can view the active project. If you are 
participating in several computations, 
you can change the project by choosing 
an entry in the selection box. After run- 
ning all the tasks, a green dot appears to 
the left of the project’s name. 

Pressing Stop at the bottom center of 
the window interrupts the computations; 
instead of the green dot a red one ap- 
pears. Continue 
lets you restart the 
work (Figure 2). 


Choose a project 


Settings = 
The BOINC man- ae 
ager typically allo- RakeSearch 
cates the free re- ee 
Rosetta@home 


sources of your 
system indepen- 
dently so that the 


siDock@home 
SRBase 
Universe@Home 


computer does not Yoyo@home ae Aen 


suffer from the ad- 
ditional work. The 
application might 
possibly include 


Project URL: 





To choose a project, click its name or type its URL below. 


http://www.worldcommunitygrid.org/ 


Fighting COVID-19 with BOINC SHIH 


Listing 2: Installation on RPM-based Systems 


sudo yum install boinc-client boinc-manager 


sudo systemctl enable boinc-client 


sudo systemctl start boinc-client 


sudo chmod gtr /var/lib/boinc/gui_rpc_auth.cfg 


sudo usermod -a -G boinc $USER 


exec su $USER 


boinemgr -d /var/lib/boinc 


If you have an NVidia card, you do not 
need to download the support for this in- 
terface typically required for CUDA- 
based applications from the vendor’s 
website. Instead, BOINC detects the GPU 
automatically and integrates it into the 
computations. AMD graphics cards and 
Intel-based GPUs are not integrated by 
the software. 

If computer load generated by other 
applications increases, the BOINC cli- 
ent stops its work. In this case, the 
manager remains active, but no further 
computation takes place. Once the sys- 
tem load has dropped back to below a 
given threshold value, the application 
automatically resumes its activity. 
When the activity restarts, the tool at- 
tempts to establish balanced load be- 
havior (Figure 3). 

In addition, the manager integrates 
various options for distributing the 
load which let you set thresholds 
yourself. You can reach the advanced 
settings via the menu items View | Ad- 
vanced View. This is where you con- 
figure basic settings for the graphics 
processor via Control in the context 
menu. 


BOINC Manager 


Project details 


’ To Further critical non-profit research on some of 
humanity's most pressing problems by creating the 
world's largest volunteer computing grid 
Research includes HIV-AIDS, cancer, tropical and 
neglected diseases, solar energy, clean water and 
many more. 


Research area: Medical, environmental and other ... 
Organization: 1BM Corporate Citizenship 


Web site: ini hanna aaatliciens 


Next > Cancel 








your graphics card 
if it is an NVidia 
GPU. 


Figure 1: Select the World Community Grid entry -— 
the OpenPandemics projects will then appear ona 
list of existing projects. 


The menu Options | Calculation set- 
tings opens a very extensive dialog for 
fine-tuning the software. Calculation 
running is where you define the perfor- 
mance settings. This includes the thresh- 
old values for the system load. 

The Network tab lets you configure the 
data transfer rate. This is where you 
specify, say, the upload and download 
rates. On the Daily schedule tab you can 
additionally define when the BOINC 
software is allowed to carry out its com- 
putation work. You can create a weekly 
schedule. The schedule is divided into 
two components: the times for calcula- 
tions and the times for the data transfer. 

For systems that operate in 24-hour 
mode, you can use this feature to shift 
the times for compute work and trans- 
fers to the night. After completing the 
desired settings, don’t forget to press 
Save to store them. 


BOINC Manager 


File View Options Tools Help 


Tasks: @ Mapping Cancer Markers ’ 


From: World Community Grid 


Elapsed: 00:00:47 
Remaining (estimated): 13:02:49 

0.500% 
Status: Running 


Task Commands 


Profects: Add Project 


Gy vers Community Grid 7 


Work done for this project: 0 


Project Web Pages Project Commands 


Notices Suspend Help 











Figure 2: The BOINC Manager 
shows you all the information 
required for distributed 
computing. 
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Figure 3: The BOINC Manager does not fully load even high-end computers. 


Information 
The active status displays are shown 
also in the extended view of the BOINC 
manager. This window is also structured 
by tabs. You will find a News tab with a 
very simple feed reader showing you the 
latest information on the individual proj- 
ects, along with their keywords. Links 
take you to websites with the full details. 

The Projects tab lists the projects you 
have selected in tabular form, and 
Tasks shows you the tasks within the 
active projects. Each of these tasks has 
a status indicator; using the progress 
bars, you can see the progress of the 
compute work in 
each task. The 
software updates 
this information 
in near real time 
(Figure 4). 

You can access 
graphics settings 
in the Transfer, 
Statistics, and Disk 
tabs; some of these 
settings let you 
customize to suit 


Eanotices Pr Bitasks 


Commands 


Show all tasks 





Project 
World Community Grid 
World Community Grid 


Conclusions 

The World Community Grid is an inno- 
vative option for consigning idle com- 
puter capacities to the service of science. 
The BOINC software does not pose any 
problems for newcomers and is simple 
enough to virtually rule out any issues 
due to incorrect use. 

The project launched by the Forli Lab 
and Scripps Research to explore thera- 
peutic options against COVID-19 pro- 
vides an excellent opportunity to put 
your surplus resources to good use. But 
do keep in mind that computing power 
costs electricity. mmm 


BOINC Manager 


File View Activity Options Tools Help 


PTransfers Statistics @is 
Progress Status 
0.795% Running 
0.500% Running 


Elapsed Remaining (estit 
00:02:30 
00:01:26 


Info 

[1] World Community Grid: 
https://www.worldcommunitygrid. 
org/discover.action 

BOINC software: 
https://boinc.berkeley.edu/ 


[2] 


[3] CUDA information: https://developer. 


nvidia.com/cuda-zone 
[4 


= 


Scripps Research: 
https://www.scripps.edu 


The Forli Lab: Attps:/forlilab.org/ 
OpenPandemics COVID-19 project: 


https:/www.worldcommunitygrid. 
org/research/opn 1/overview.do 


[5 
[6 


—_ tn 





Deadline Application Name 
MCM1 


MCM1_} 


09:04:43 Thu 09 Sep 2021 04:4... 
09:06:21 Thu 09 Sep 2021 04:5... 


Mapping Cancer Mark... 
Mapping Cancer Mark... 


@ connected to localhost (7.16.6) 








individual perfor- 


mance criteria. a time scale. 


Figure 4: The detailed view shows you which tasks the software will complete, along with 


LINUXPROMAGAZINE.COM 


GET PRODUCTIVE WITH 






101 LINUX HACKS 


2 TUNE YOUR LINUX ‘ YOUR LINUX SYSTEM 


1Okxi eu E 
ACK 


Tricks and shortcuts ii [PF 
for Linux geeks 





= Recover deleted docs 

= Send files without a 
target IP 

= View a handy cheat 
sheet for your favorite 
commands 


™ STREAMLINE: 
Clean up hidden files 


EXTREME CHROOT: 
Change to a second distro 
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Improve your 
Linux skills with 
this cool collection of 
inspirational tricks and 
shortcuts for Linux geeks. 


@ Undelete lost files 


@ Cure the caps lock 
disease 


@ Run C one-liners in 
the shell 


@ Disable your webcam 
and mic 


@ And more! 


BEEBE Charly’s Column - VM Detection 


The sys admin’s daily grind: Virtual or physical? 


Where Did It Go? 


To write low-level scripts, as an admin, you need to know whether you are currently on a physical or 
a virtual machine. Charly finds out with a couple of clever hacks. By Charly Kiihnast 


f the systems I work on, about 
90 percent are virtualized and 
10 percent are legacy hardware 
servers. For many jobs, this 
makes no difference, but when I write 
scripts that call or change hardware-re- 
lated functions, I need this information. 
If I have root privileges on the system 
and am also allowed to retroactively in- 
stall software, the problem can be 
solved very quickly. I install either 
Facter [1] or virt-what [2]. Facter pro- 
vides extensive information about the 


# dmidecode 3.1 
Getting SMBIOS data from sysfs. 
SMBIOS 2.4 present. 


Handle 0x0001, DMI type 1, 27 bytes 
System Information 
Manufacturer: VMware, Inc. 


Version: None 
Wake-up Type: Power Switch 


SKU Number: Not Specified 
Family: Not Specified 





Product Name: VMware Virtual Platform 


Serial Number: VMware-42 13 c6 d2 21 11 fb fd-87 c5 3c 82 c6 b7 9b £2 
UUID: 4213C6D2-2111-FBFD-87C5-3C82C6B79BF2 


system’s hardware, much like Ishu, and 
is actually overkill for answering the 
“virtual or not” question. Calling facter 
virtual returns the virtualization plat- 
form as the answer, such as vmware or 
kvm. The same result is returned by a 
call to virt-what. If I don’t need the 
power of Facter elsewhere, I prefer the 
leaner virt-wuhat. 

If I have root privileges but am not al- 
lowed to install software (for example, 
because of restricted repositories), there 
is another possibility. The command 





Figure 1: Dmidecode lets me quickly discover whether I’m working on a 


virtual machine. 


Listing 1: Virtual or Physical? 


ol dmesg | grep DMI 


02 0.000000] DMI: VMware, Inc. VMware Virtual Platform/440BX Desktop 
Reference Platform, BIOS 6.00 05/28/2020 

Ck) neal 

04 0.000000] DMI: HP ProLiant DL320e Gens, BIOS Jos 12/10/2012 

os 





06 $ cat /proc/scsi/scesi 


07 Attached devices: 


08 Host: scsi2 Channel: 00 Id: 00 Lun: 00 

09 Vendor: QEMU Model: QEMU HARDDISK Rev: 2.5+ 
10 Type: Direct-Access ANSI SCSI revision: 05 
tak jhe eal 

12 Attached devices: 

13 Host: scsi2 Channel: 00 Id: 00 Lun: 00 

14 Vendor: ATA Model: SanDisk SSD PLUS Rev: OORL 

ANSI SCSI revision: 05 


us) Type: Direct-Access 
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dmidecode -t system 


gives me the desired information (Fig- 
ure 1). 

But what if I don’t have root privileges 
on the system? There are solutions for 
this, too, even several of them. The first 
is the command: 


dmesg | grep DMI 


On a VMware guest, the output looks 
like the second line of Listing 1. If I run 
the same command on a physical server, 
I usually see some information about the 
server model at this point (line 4). 
Another possibility is the command: 


cat /proc/scsi/scsi 


On a virtualized system, I would see out- 
put like that shown in lines 7 to 10 of List- 
ing 1. The physical system, on the other 
hand, again responds with information 
about the hardware (starting in line 12). 

There are quite a few other possibili- 
ties, but whenever it is technically possi- 
ble, I use virt-what. It doesn’t get any 
faster or easier than that. EEE 


Info 
[1] Facter: 
https://github.com/puppetlabs/facter 


[2] virt-what: https://people.redhat.com/ 


~rjones/virt-what/ 


Author 

Charly Kihnast manages 
Unix systems in a data 
center in the Lower Rhine 
region of Germany. His 
responsibilities include 
ensuring the security and 
availability of firewalls 
and the DMZ. 





| LINUXPROMAGAZINE.COM 






















iij 
CL 
ll 

OC 







Ww WITH DIGITAL 
Bligh a 


r ge your collection of Linux WV lefeloralay= 


ADMIN. Network & Security with our 








OU et a full ydar oF aaa in PDF format to 
access at any time from any device. 


tl Ss 
= SN iar 





_. 


> 
Hardwarenformation= 


| 
Probing for hardwar 
N 


‘. 





A quick guide to 10 command-line tools to help you find pry out the information you need from 


. . the niche where it resides. M ho th 
hardware information. By Bruce Byfield wharieheeniateaes nebo uaniaae 
basic 1s command in their name, and 


many have two or more levels of verbos- 


| f you need hardware information, is probably available online but is not ity, each one giving more detailed infor- 
where do you turn? You might have much use without the model number. mation than the last. But whatever the 
the box and a Quick Start Guide, but The simplest source is your system itself, name or structure of the command, each 
ml chances are they’re lost in the back which has plenty of commands - includ- unlocks an often untapped cache of infor- 
of some closet. More detailed information _ing basic ones such as grep and Is - to mation. Most of the time, you will want 








ure 1: Using uname at the command line provides a brief system overview. 














Figure 2: Shown here at the highest level, 1spci has up to three levels of verbosity. Note that some information : 
is not given when logged in as a non-privileged user. : 
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nanday 
description: 


Desktop Computer 


Command Line — Hardware Information S30 


product: MS-7693 (To be filled by 0.E.M.) 


vendor: MSI 
version: 4.0 
serial: 
width: 64 bits 
capabilities: 


OE el I 
*-core 
description: 
product: 
vendor: MSI 
physical id: 0 
version: 4.0 
serial: 
slot: 
*-firmware 
description: 
vendor: 
physical id: 0 
version: V22.4 
date: 12/21/2015 


BIOS 


Motherboard 
970 GAMING (MS-7693) 


To be filled by 0. 


Ee 
To be filled by 0.E.M. 


To be filled by 0.E.M. 


smbios-2.8 dmi-2.8 smp vsyscall32 
configuration: boot=normal chassis=desktop family=To be filled by 0.E.M. 
UU1d=00000000-0000-0000-0000-4CCC6A250851 


M. 


American Megatrends Inc. 


sku=To be filled by 





Figure 3: Run as root, |shw gives an exhaustive view of a system’s hardware components. 


to pipe the commands through less (add- 
ing | less at the end of the command), 
and in some cases you will need to log in 
as root to access the information. 


uname 
Using uname provides a high-level view 
of both the hardware and software on 
the system. With the -a option, it gives 
the following information in this order: 
kernel name, host name, kernel re- 
lease, kernel version (such as Debian 
4.19.194-3 (2021-07-18)), hardware 
type, hardware architecture, and oper- 
ating system. Each 
of these pieces of 
information can be 
displayed by itself 
with a specific op- 
tion of its own, but 
because the options 
often have no rela- 
tion to the informa- 
tion, it is easier to 
simply remember 
uname -a. With no 
option, uname simply 
lists the operating 
system (Figure 1). 


Ispci 

For a brief summary 
of all PCI buses, type 
the bare command. 
For more detail, add 
a level of verbosity 
from -v to -vvv. For 
hexadecimal dumps, 


Handle @x0000, 

BIOS Information 
Vendor: 
Version: 
Release 
Address: 
Runtime 
ROM Size: 
Characteristics: 


there are also four levels of detail, from 
-X tO -XXXX. 

A bus-specific view of information can 
be had with -b and a tree view with -t. 
Regular accounts can receive some infor- 
mation, but a full display requires root 
privileges (Figure 2). 


Ishw 

While Ishu can be run as an ordinary 
user, it only gives detailed information 
when run as root. When run with root 
privileges, the command’s default output 
includes information on exact memory 


root@nanday:~# dmidecode 

# dmidecode 3.2 

Getting SMBIOS data from sysfs. 
SMBIOS 2.8 present. 

55 structures occupying 2287 bytes. 
Table at OxQ00ECB10. 


DMI type 0, 24 bytes 
American Megatrends Inc. 
V22.4 

Date: 12/21/2015 
®xF0000 

Size: 64 kB 

8192 kB 


PCI is supported 
BIOS is upgradeable 


BIOS shadowing is allowed 
Boot from CD is supported 


configuration, firmware version, main- 
board configuration, CPU version and 
speed, cache configuration, and bus 
speed. If you are taking a screen shot, 
you might want to use the --sanitize 
option to conceal sensitive information 
such as IP addresses (Figure 3). 


dmidecode 

The man page for dmidecode warns that, 
because the command gives results 
quickly and securely, its output may be 
unreliable. Fortunately, so far as I can 
tell, that problem never seems to pop up, 


SY-3 Xen oe] 0 <M of ole) as M-SEE-ZU] 0) ofo) mat -Te| 


BIOS ROM is socketed 
EDD is supported 


5.25"/1.2 MB floppy services are supported (int 13h) 
3.5"/720 kB floppy services are supported (int 13h) 





Figure 4: Information provided by dmi decode includes a summary of the BIOS. 
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root@nanday: ~# 
007 Device 
007 Device 
007 Device 
007 Device 
007 Device 
007 Device 

Ss 007 Device 
007 Device 
007 Device 
@11 Device 
@10 Device 
004 Device 
009 Device 
001 Device 
008 Device 
006 Device 
005 Device 

s 005 Device 
003 Device 
002 Device 
@02 Device 


HP, Inc LaserJet 3050 
Wacom Co., Ltd 


Texas Instruments PCM2900B Audio CODEC 


NEC Corp. HighSpeed Hub 


Generic Keyboardio Model @1 
Broadcom Corp. BCM20702A0 Bluetooth 
NEC Corp. HighSpeed Hub 
Linux Foundation 2.0 root 
Linux Foundation root 
Linux Foundation root 
Linux Foundation root 
Linux Foundation root 
Linux Foundation root 
Linux Foundation root 
Linux Foundation 3.® root 
VIA Labs, Inc. Hub 
Linux Foundation 2. 
Linux Foundation 3 
VIA Labs, Inc. Hub 
Linux Foundation 2 


Figure 5: Use |susb to list USB devices. 
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hub 
hub 
hub 
hub 
hub 
hub 
hub 
hub 


i a 


hub 
hub 


root 
root 


root hub 





and dmidecode provides a useful sum- 
mary of a system’s hardware, including 
the serial numbers and BIOS revision. 
You can search for a specific piece of 
hardware using --string (-s) KEYWORD, 
--type (-t) DEVICE-TYPE, or --handler 
(-h) DEVICE-ID. The man page contains a 


list of the types of devices listed and a 
table of useful keywords (Figure 4). 


Isusb 

Modern computers depend heavily on USB 
devices, so it is only natural that a com- 
mand was written to dig out information 


root@nanday:~# lscpu 
Architecture: 
CPU op-mode(s): 


x86_64 

32-bit, 64-bit 
Little Endian 

48 bits physical, 48 bits virtual 
On-Line CPU(s) list: 
Thread(s) per core: 
Core(s) per socket: 
Socket(s): 

NUMA node(s): 

Vendor ID: 

CPU family: 

Model: 2 

Model name: AMD FX(tm)-8350 Eight-Core Processor 


Figure 6: For a detailed view of the CPU, use Iscpu. 


Q-7 
2 
4 
1 
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AuthenticAMD 
7a 





root@nanday:~# lsscsi 
@:0:0:0] disk 
2:0:0:0] disk 
4:0:0:0] exe VAC hYAe| 


/dev/sda 
/dev/sdb 
/dev/sr® 


ATA Samsung SSD 850 2B6Q 
ATA WDC WD2003FZEX-®0 1A01 
HL-DT-ST DVDRAM GH24NSCO LI00O 





Figure 7: As 1ssci shows, SCSI devices continue to be a standard part of 
modern computer systems. 


on them. By itself, lsusb will give a com- 
plete list of USB devices. However, with -s 
[[bus]: ][devnum] you can display in deci- 
mal only the devices on a specified bus 
and/or devnum. Similarly, -d 

[vendor]: [product] displays in hexadeci- 
mal only the devices with the specified 
vendor and model ID. As root, you can 
also use -D DEVICE-FILE. As any account, 
you can use -t to display information as a 
tree (Figure 5). 


Iscpu 

This command displays information 
gathered from sysfs, /proc/cpuinfo, and 
architecture-specific libraries. You can 
run Iscpu with --extended (-e) to dis- 
play more detailed information (just as 
--verbose is used in some other hard- 
ware commands), plus --parse (-p) to 
optimize the formatting of the output. 
In addition, for even more detailed out- 
put, --out-all can be added. Depending 
on the options, Iscpu displays as many 
as 13 columns of information, among 
them CPU, CORE, SOCKET, and ADDRESS. For 
virtual machines, it can also display 
CONFIGURED, meaning whether the vir- 
tual machine is using the CPU, and P0- 
LARIZATION, which indicates whether the 
virtual machine can switch the CPU dis- 
patching mode between horizontal or 
vertical. Users can specify only online 
CPUs with --online (-b), only off-line 
CPUs with --offline (-c) and --ex- 
tended combined, or both with --al1 
(-a) (Figure 6). 


Isscsi 

Many people imagine that SCSI drives 
are obsolete, but, in fact, both hard 
drives and solid state drives, as well as 
DVD drives, continue to use SCSI, al- 
though in a highly modified standard. 
For help, Isscsi has an info file, but not 
a man file. Adding --list (-L), --long 
(-1), and --verbose (-v) to the command 


. 802664] 
.890655] 
.978652] 
. 066649] 
. 385296] 
. 385324] 
. 385336] 
CLELy A 
. 399275] 
.403579] 
.403961] 


pci 0000:00:12. 
pci 0000:00:13. 
pci 0000:00:14. 


quirk_usb_early_handof f+0x0/O@x6d0 took 84534 

quirk_usb_early_handoff+0x0/0x6d® took 85829 
: quirk_usb_early_handoff+0x0/@x6d0 took 85829 

pci 0000:00:16.0: quirk_usb_early_handoff+0x0/0x6d0 took 85926 

ACPI: bus type USB registered 

usbcore: registered new interface driver usbfs 

usbcore: registered new interface driver hub 

usbcore: registered new device driver usb 

ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver 

ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver 

ehci-pci 0000:00:12.2: new USB bus registered, assigned bus number 1 


usecs 
usecs 
usecs 
usecs 


La 





Figure 8: Read messages in the kernel ring buffer with dmesg. Combined with grep, it can show useful information. 





32889716 
23502664 
28873732 
524580 
5002724 


MemTotal: 
MemFree: 
MemAvailable: 
Buffers: 
Cached: 


SwapCached: (i) 
Active: 
Inactive: 
Active(anon): 
Inactive(anon) : 
Active(file): 
Inactive(file): 


4936468 
3516952 
2927472 
149988 
2008996 
3366964 
Unevictable: 84 
Mlocked: 84 
SwapTotaL: 67001340 
SwapFree: 67001340 
Dirty: 3088 
Writeback: vi) 
AnonPages: 
Mapped: 
Shmem: 
Slab: 


2882772 
2074928 
151364 
606416 
SReclaimable: 459056 
SUnreclaim: 147360 


Figure 9: Search the /proc pseudo 
filesystem for information when 
troubleshooting. 





all give more information, while --clas- 
sic (-c) is the equivalent of: 


cat /proc/scsi/scsi 


If you want the names of devices, add 
--generic (g) (Figure 7). 


dmesg 

dmesg reads the kernel ring buffer 
where messages about a system’s 
startup messages are stored, including 
information about the initialization of 
device drivers or kernel modules. Al- 
though the results can often be hit or 
miss, dmesg is sometimes an ideal place 
to start troubleshooting. With the bare 


Command Line — Hardware Information 


command, you can scroll through 
startup messages, but in most cases, it 
is more efficient to search instead. For 
instance, to find messages about USB 
devices, enter: 


dmesg | grep -i usb | less 


in which the -i option ignores letter 
cases. Note that dmesg must be run as 
root. As an alternative to dmesg, you can 
read the file /var/1og/dmesg in a text edi- 
tor (Figure 8). 


/proc 

The pseudo filesystem /proc contains in- 
formation from the kernel. It contains 
one subdirectory for each process. The 
names of the subdirectories are usually 
self-explanatory, such as cpu, cwd (cur- 
rent working directory), environ, and so 
on. You can view detailed information 
using a text viewer such as cat or less, 
or sysctl to read the contents, but be 
careful not to edit in case you crash the 
system (Figure 9). 


Isys 

The kernel creates the pseudo filesystem 

/sys to give access to devices and infor- 

mation about them. Be careful when 

working with /sys because attempting to 

edit it can seriously damage its system. It 

is safe, though, to use Is, grep, or any 

command that simply displays informa- 

tion in these subdirectories: 

e /sys/block: Information about block 
devices 

e /sys/bus: Subdirectories for each bus 

e /sys/class: All devices classes 


IN-DEPTH 
il 


e /sys/devices: The hierarchy of all de- 
vices on the system 
e /sys/firmuare: Firmware objects and 
their attributes 
e /sys/modules: Subdirectories for the 
kernel module 
You can also use sysct! to view /sys, 
but be careful - it can also edit the con- 
tents, which can result in disaster unless 
you know exactly what you are doing 
(Figure 10). 


Choosing a Tool 

This article gives only an overview of 
the available tools. Much more can be 
said about most of these tools, but the 
point is to provide a quick guide. The 
purposes of these tools often overlap, 
so if one fails to give the information 
you need, another might. Whichever 
one you choose, don’t be surprised if 
you need a search engine to fully 
understand much of the available 
information - you’re delving deeply 
into the workings of your system’s 
hardware. mmm 
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root@nanday:/sys/devices/cpu# cd /sys/devices/cpu/events 
root@nanday:/sys/devices/cpu/events# ls 


branch-instructions 


cache-misses 


(of o) Ure on eal =) 


stalled-cycles-backend 





branch-misses 


cache-references 
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stalled-cycles-frontend 
Figure 10: The /sys pseudo filesystem contains dozens of directories and files that you can search for information. 
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The Linux Magazine team has created a 
series of single volumes that give you a 
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With its immutable filesystem, rlxos prevents a broken system while simultaneously allowing 
changes via OverlayFS. By Ferdinand Thommes 


hen it comes to the Linux 
distro scene, variety is unri- 
valed. Willing Linux users 
can choose from hundreds 
of distributions. Although this delights 
die-hard distro hoppers, others might 
find it too much to handle. While many 
distributions differ only in the minor de- 
tails, the strategy behind rlxos [1], an 
immutable filesystem, is definitely not 
that of an off-the-shelf Linux distro. 
Pronounced Relax OS, rlxos is one of 
the modern Linux derivatives with a pro- 
gressive strategy (others include Fedora 
Silverblue, for example). The developers 
of Red Hat, Fedora, Endless OS, systemd, 
and the Gnome desktop see these strate- 
gies as the future of distributions, but 
this has not yet been universally ac- 
cepted in the various communities. 


Unbreakable System 

In general, these strategies envisage im- 
munizing the filesystem against vulnera- 
bility through updates by always replac- 
ing the complete image during updates. 
In tech speak, these systems are dubbed 
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immutable (i.e., unchangeable). If some- 
thing goes wrong during the update, the 
user can roll back to the previous image 
upon restarting GRUB. In addition, such 
distributions often prefer new package 
management systems, such as Flatpak or 
AppImage, over packages in the classic 
DEB and RPM formats or those main- 
tained by the re- 


in the past, but I’ll first look at how this 
modern approach affects the still very 
young rlxos. 

To follow this article, first download 
the 1.3GB image of the current rlxos 2107 
from the website [1]. There is only a 64- 
bit image, the name of which indicates 
that Gnome is used as the desktop. 





spective distribu- 
tions. 

Joining the 
ranks of immuta- 
ble distributions, 
rlxos’s basic strat- 
egy is by no 
means new: 
Changes to the 
system end up ina 
layer above the 
read-only root file- 
system and thus 
cannot be 
changed. I’ll dis- 
cuss in a moment 
where this princi- 
ple has been used 
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Figure 1: After starting rlxos, you are taken directly 
to a wizard that guides you through the installation 
in just a couple of steps. 
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Photo by Christine Donaldson on Unsplash 


OverlayFS 


OverlayFS allows a (typically writable) 
directory tree to be overlaid on top of 
another, read-only directory tree that 
usually contains the root filesystem. 
All changes are made to the upper, 
writable level. This type of mechanism 
has been around since Live CDs from 
the early days of Knoppix, but there 
are a variety of other applications. Be- 
sides OverlayFS, there are other 
union filesystems, such as the origi- 
nal UnionFS, aufs, or overlay2 used 
by Docker, with OverlayFS being the 
most powerful variant. In some re- 
spects, device mappers, ZFS, and 
Btrfs are also part of this genre, even 
if their use seems rather marginal in 
this context because they are used 
entirely for storage purposes. 


Launched last year as Releax OS, rlxos is 
not based on any other distribution; it 
was created from scratch and uses Way- 
land as the default session type. 


Relax! 

Not designed as a Live distribution, rlxos 
boots directly into a graphical installer 
(Figure 1). Presumably, there is no Live 
version because rlxos in its installed 
form, with an overlay system over the 
immutable root filesystem, uses the 
same mechanism that Live media use to 
save changes to the system. Therefore, 
rlxos is always effectively going to be a 
Live system with persistence. For an ex- 
planation of how this overlay mecha- 
nism works, see the “OverlayFS” box. 

The installer first prompts you to 
choose a partition. After pressing the 
Partition button, GParted opens. You can 
then create a new partition if required. 
Pressing Next then takes you to the parti- 
tion selection and, in the next step, to 
boot device selection. Then, rlxos is 
ready for installation. 

At this point, make sure you don’t 
blink, or you will miss the system 
setup. In my case, the installation took 
all of 12 seconds on a machine with a 
fast Ryzen 7 CPU by AMD, which can 
be explained by the fact that, due to the 
principle involved, this is not a real in- 
stallation. The installer (in simple 
terms) just creates the filesystem and 
writes the system image compressed by 
SquashFS to it, before proceeding to 
start the image. As a result, rlxos does 





rlxos 





Vice 


Welcome to rixos 





Figure 2: The welcome tour, which is almost obligatory nowadays, 
guides you through the final steps of the installation. Afterwards, take 
a look at the useful documentation, which introduces you to using 


rlxos. 


not consume more than the 1.3GB 
taken up by the image itself. 


Welcome 
After the obligatory reboot, you will see 
the familiar Gnome welcome screen 
(Figure 2), which completes the installa- 
tion in a few steps with information 
about the keyboard layout and time 
zone, as well as creating a user account. 
In my lab, I also included a Nextcloud 
instance, which I was later able to open 
in the file manager without any prob- 
lems (Figure 3). 

After the process completes, you will 
find yourself in a customized Gnome en- 
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Figure 3: During the welcome tour, you have the opportunity to 


vironment that has a taskbar using 
Gnome’s Dash to Panel extension at the 
bottom (Figure 4). Qogir is used as the 
theme and icon set. 

Next, you can take another welcome 
tour, which points out that rlxos natively 
supports the AppImage package format. 
In addition to AppImages, rlxos can han- 
dle Flatpaks and Snaps, although it does 
not preinstall the required frameworks. 

I found the welcome tour a tad too su- 
perficial for a distribution that deviates 
from the norm and would definitely rec- 
ommend reading the documentation [2], 
as well as visiting GitHub [3], where the 
project is maintained. The rlxos blog [4] 
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integrate online services. This worked smoothly in with my Nextcloud 


instance. 
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gure 4: The desktop looks modern and tidy. At the bottom you can 
see the Gnome Dash to Panel extension. 


gives you further insights. For exam- 
ple, it introduces the built-in package 
manager, PKGUPD [5], and explains 
how to mount rlxos directly from a pre- 
viously installed Linux distro without 
the installer [6]. 


App Grid 

On the desktop, which rlxos finally lets 
you access after completing the tour 
through the special features, the upper 
edge remains empty at first. It is only 
after pressing the button on the far left 


Remmina 


View applications 


44. 


Avahi SSH 


Image Vie.. 


of the taskbar that the familiar app grid 
view appears (Figure 5). If you only 
need the search mask, just click on the 
three dots bottom left. The bar contains 
six entries by default. If you have more 
apps open, it expands to the right and 
left when you mouse over the first and 
last visible entries. The system tray is on 
the far right. Further predefined add-ons 
can be enabled in the settings in the Ex- 
tensions menu. 

The offered selection of preinstalled 
applications is typical of Gnome, al- 


O ff = 


Avahi VN 


jo] a * 


Settings 


Shotwell Screenshot 


Power St... 


J 


Contacts Music 


System M. Calculator Terminal 


Frequent 


@ 0 G 


I 5: The app grid, which you may be familiar with from Gnome, can be reached by clicking on the icon 
with the nine dots located on the left in the taskbar. 


Extensions 


though not as extensive as, say, Fedora 
or Ubuntu. For example, the Gnome 
Software application manager is miss- 
ing, but it wouldn’t really make much 
sense here. You will find at least one 
app for each of the usual application 
scenarios, such as browsing, music, 
videos, or image editing. For example, 
rlxos includes the Web browser, the 
Evolution mail and calendar app, the 
Totem video player, and the Shotwell 
photo manager. In addition, there are 
the system apps familiar from Gnome. 
As an init system, rlxos relies on sys- 
temd, and it uses kernel 5.8. 


App Control 

Rlxos has no graphical package man- 
ager. The appctl front end is available 
for the terminal and behaves much 
like Apt or DNF, accessing a reposi- 
tory with around 800 applications. 
However, you can also include third- 
party repositories [7], as revealed in 
the documentation. For example, you 
could choose the Nano editor, which 
is missing from the rlxos repo, instead 
of the preinstalled Vim. Table 1 lists 
the most important commands for op- 
erating appctl. You can access help for 
the commands by typing appct! in the 
terminal. 
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After installing a fresh rlxos, you Table 1: Working with appctl 
will fist want to check whether the 
system can be updated by typing sudo appctl sync Synchronize repositories 
sudo appct] install PACKAGE Install packages 
sudorepEcu pubdate sudo appct] remove PACKAGE Remove packages 
, . ; . sudo appct] info PACKAGE Retrieve information about a package 
in a terminal (Figure 6). If, unlike my ex- , . p 2 
. : : sudo appct] depends PACKAGE List the dependencies for a package 
perience, an update is available, then ex- ; iaice / i 
ecute the commands shown in the last see ane - eagle dels 
sudo appct] search PACKAGE Search for a package 





two lines of Listing 1. You can decide at 
the next reboot whether you want to 
start the new or the old image. Terminal 

Alternatively, to update the system, dd@rlxos ~ $ sudo appctl update 
copy an updated system image from 
he official Bai ar We trust you have received the usual lecture from the local System 
the official website to run/initramfs/ Administrator. It usually boils down to these three things: 
rlxos/system/ and then update the 
GRUB configuration. Even then, you aT) Hespeck the peeves “OF Sears 

¥ ; #2) Think before you type. 

can boot the different versions (all re- #3) With great power comes great responsibility. 
siding in one partition) from GRUB as 
needed. If you run rlxos as a dual or 


[sudo] password for dd: 
syncing rlxpkg 
multiboot system, the osprober pack- syncing core 


system is already updated 


age must be installed. Niavixos » 4 


Universal Package Formats 
Although the developers claim AppIm- 
age is supported, I had some problems _ Figure 6: Similar to updating on Debian, you can trigger an update on 








with the AppImage format in testing. rlxos with the built-in package manager PKGUPD via appct1. 
No matter where the packages came 
from, they could not be persuaded Listing 1: Updating rlxos 


to start, although I had made the 
packages executable using: 


$ sudo appctl update 
$ sudo mount /run/initramfs/boot /boot --bind 


$ sudo update-grub 
sudo chmod a+x PACKAGE 
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Figure 7: Installing Flatpaks works like a charm. After installing the framework, the connection to Flathub, 
the Flatpak store, is already in place. 
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There was supposedly an app missing. 
After some rummaging around, I dis- 

covered that FUSE was not installed. I 

quickly remedied that by typing: 


sudo appctl install fuse3 


After a reboot, I could launch the down- 
loaded AppImages. To include them in 
the app grid, I had to call the appimaged 
command, which takes care of the inte- 
gration and includes downloaded App- 
Images in the future after the first launch. 

I had no problems integrating Flatpak. 
The framework was quickly installed on 
my disk by typing: 


sudo appctl install flatpak 


and already integrated Flathub. I then 
only had to execute the Flatpak reference 


files downloaded from there. As an ex- 
ample, I downloaded the Atom editor 
and installed it with the command: 


flatpak install flathub io.ato.Atom 


After that, Atom was immediately avail- 
able for use (Figure 7). I did not test Snap. 


Conclusions and Outlook 
Positives first: rlxos is fun, installs in no 
time, and also runs fast. The Gnome 
shell is inviting to work with because it 
does not follow the Gnome developers’ 
somewhat unrealistic design philosophy. 
If you have no ideological problems with 
Flatpak and AppImage, you can work 
well with rlxos and don’t need to be 
afraid of breaking your system. 

The rlxos website used to have its own 
own AppImage app store, called Bazaar [8], 





Back 


Not just yet another Linux Di 


rlxbot 
Asimple yet efficient virtual 
assistant 
chatbot whom you can train. 


Learn More 





Figure 8: The welcome tour offers a 


Welcome Tour 


Li 


And ALot More Yet To Come 


Ayet another programming language 
thatis easy to learn and fun to code 


Learn More 


Next 


istro, Our Aim is to do lot more. 


Below are some upcomming projects that can be included in rlxos 


© a 


U) 


health 
Asystem health monitor that inspect 
on system health. 
Learn More 


src 








So, 1.Aug 9:26A.M. 


preview of imminent changes in rlxos. 


but it only contained four apps, and it ap- 
pears the store is now missing from the 
site. You can, however, find plenty of Ap- 
pImages at AppImageHub [9] and the 
GitHub store [10]. The integration of 
Image still needs some fine-tuning. The 
rlxos developers need to simplify the 
GRUB update after installing a new image 
to a single short command or provide in- 
tegration at the push of a button. 

The welcome tour offers a preview of 
what is to come (Figure 8), including a 
virtual assistant called rlxbot, the src pro- 
gramming language derived from JavaS- 
cript, and a system monitor dubbed 
health, which keeps an eye on the sys- 
tem’s operating status. Judging by the 
very young age of the distribution, it is in 
surprisingly good shape, considering that 
the developers are building rlxos from 
scratch. If development continues at this 
brisk pace, we’ll definitely be relaxing 
with rlxos again in a year or two. 555 


Info 
[1] 
[2] 
[3] 
[4] 
[5] 


rlxos: https://rlxos.dev 
Documentation: https://docs.rlxos.dev 
GitHub: https:/github.com/rlxos 
rlxos blog: https://blog.rlxos.dev 
PKGUPD: 
https://blog.rlxos.dev/01-introduction- 
to-pkgupd-ckr1s6kxpOffhqus 1b4fyeelr 
[6] Installation variant: https:/blog.rlxos. 
dev/installing-rlxos-from-any-other- 
already-installed-linux-distribution- 
ckqi52gk903m77ts 12ykg86ve 
Repositories: https://docs.rlxos.dev/ 
package-management/appctl 


[7] 


[8] 
[9] 


Bazaar: https://rlxos.dev/apps 


AppImageHub: https:/www. 
appimagehub.com/ 


[10] GitHub store: 
https://appimage.github.io/apps/ 
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Monitor hard disk usage with Go 


Hard Disk 
Dashboard 


To keep an eye on the remaining disk space during storage- 
intensive operations, you can check out this speedometer/ 






odometer written in Go. 
By Mike Schilli 


torage-hungry applications such 

as video-editing software gobble 

up disk capacity like a massive 

vacuum cleaner: Before you 
know it, everything has been used up. In 
situations such as this, incorrectly pro- 
grammed software tends to crash, and 
all the time you invested in your current 
project is irretrievably lost. If you take 
precautions up front, you can avoid 
headaches later on. 

How about a constantly updated dis- 
play of the remaining space on a dash- 
board-like instrument on the desktop, 
where you can see out of the corner of 
your eye how much disk space is 
wasted by an action that has just been 
triggered, such as rendering a video? 
You can write something like this 
quickly in Go. 


On the Dashboard 


A car’s dashboard shows the current 
speed as well as the mileage. If you 


Author 

Mike Schilli works as a 

software engineer in the 

San Francisco Bay area, 

California. Each month 

in his column, which has 

been running since 1997, 

he researches practical applications of 
various programming languages. If you 
email him at mschilli@perlmeister.com 
he will gladly answer any questions. 
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apply this to hard disks, the car’s mile- 
age reading becomes the total disk 
space consumed. Similarly, where in a 
car the speedometer needle shows the 
current speed, in the hard disk uni- 
verse, the needle measures the space 
consumed per unit of time. The anal- 
ogy for a storage-hungry application 
would be a speeding traffic offender, if 
you like. 

Figures 1 and 2 show the terminal out- 
put from the finished Go program, Disk 
Speedo (or dftop). At the top, a progress 
bar illustrates the amount of disk space 
used thus far (in this case, 35 percent). 
At the bottom, a speedometer needle im- 
plemented as a pie chart indicates 
whether space is disappearing (red) or 
coming back (green) and how fast this is 
happening. At a simulated speed of 0 to 
100, the needle of this somewhat un- 
usual instrument starts at the bottom of 
the circle and then moves upwards in a 
counter-clockwise direction. Figure 1 
shows a write speed of 35; Figure 2 
shows a delete action at a speed of 65. 
At a speed of 100, the circle would be 
completely filled with the corresponding 
color, red or green. 


Avoid Shell Calls 

To determine the remaining space on a 
data volume, the program could repeat- 
edly call the df shell function. But this 
would waste valuable resources, be- 
cause the shell would have to start a 


new df process each time. Fortunately, 
the nifty statfs programming interface 
({1] on Unix systems reports the total 
number of blocks provided on the cor- 
responding mount as well as the blocks 
on the storage medium that are still un- 
occupied, without needing to call any 
shell utilities. 

The Go interface for statfs gives you 
the total number of free blocks with 
Bfree() and the subset of free blocks 
that the non-root user can occupy with 
Bavail(). Multiplying these numbers 
by the block size defined on the stor- 
age medium as Bsize() gives you the 
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Figure 1: The disk is 39 percent 
occupied, and a write is 
consuming more space. 





Lead Image © Author, 123RF.com 


IN-DEPTH 


Programming Snapshot - Disk Speedo SEHR 





Disk Speedo v1.0 














Figure 2: The green speedometer 
indicates a deletion, which frees 
up disk space. 


remaining storage space in tera-, giga-, 
or whatever-bytes. 

The space() function from line 61 in 
Listing 1 [2] determines the utilization of 
the storage medium and returns values for 
the number of occupied blocks, as well as 
their total number on a particular volume. 
If an error occurs when determining the 
capacity, space() pass it back as the third 
return value to the calling main program. 


Listing 1: df top. go 
01 package main 
02 import ( 
03 "container/ring" 


o4 "golang.org/x/sys/unix" 


05 "os" 
06 "time" 
07 +) 

leks} 


o9 func main() { 


10 wd, err := os.Getwd() 


alas if err != nil { 
12 panic(err) 

18 4} 

14 


15 ui := NewUI() 

16 ui.Update(0, 0.0) 
17  uidone := ui.Run() 
18 defer ui.Close() 


19 xr := ring.New(2) 


20 

21 fon 4 

22 used, total, err := space(wd) 
23 if err != nil { 


0x00 


0x12 
90x0 






% 
io) 


keyboard 
processor reading 


read pointer 0x02 
write pointer 0x04 


30x0 











Figure 3: A ring buffer automatically overwrites old and obsolete 
values. Wikipedia, CC BY-SA 4.0 


But which hard disk’s capacity will the Storage in a Circle 
program actually measure on a system The speed at which the hard disk fills up 
with multiple storage media? Depending is defined by the difference between two 
on the directory from which you call the measurements of the fill level at different 
speedometer, it will display the space on times divided by the time elapsed be- 
the hard disk it is residing on. tween them. 
24 panic(err) a7 
25 } 48 s := floaté4(int( 
26 49 r.Value. (uinté64)- 
et BONEMUS = WES! 50 r.Prev().Value.(uint64))) / 
28 p := used * 100 / total 
57 maxSpeed 
29 ui.Update(int(p), speed(r)) 
52 
30 r = r.Next() 
53 ifs > 1 { 
el 
32 select { aS gaa 
33 case <-uidone: 55 } else if s< -1{ 
34 return 56 Saat 
35 case <-time.After( he } 
36 1 * time.Second): 58 returns 
om continue 59 } 
38 } 66 
39 } G : 
61 func space(dir string) ( 
40 } 
62 uint6é4, uint64, error) { 
41 


63 var stat unix.Statfs_t 
42 const maxSpeed = 100000 


64 err := unix.Statfs(dir, &stat) 
44 func speed(r *ring.Ring) floate4 { 65 return stat.Blocks - 
45 if r.Prev().Value == nil { 66 stat.Bfree, stat.Blocks, err 


46 return 0 67 } 
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To do this, the program needs to store 
one or more past measurements in order 
to determine the delta to the currently 
measured value. This could be imple- 
mented using separate variables, but a 
ring buffer (Figure 3) of the container/ 
ring type from the Go standard library 
does this in an elegant way without 
much code. 

The ring buffer stores new values in 
r. Value, in sequence, in points that lie 
on a circular path. r.Next() moves to the 
next point, and r.Prev() goes back to the 
previous one. If the algorithm arrives at 
the first point again at some point on its 


Listing 2: ui. go 

01 package main 

02 import ( 

03 "math" 

04 tui "github.com/gizak/termui/v3" 

05 "github.com/gizak/termui/v3/widgets" 

06 ) 

07 type UI struct { 

08 Gauge *widgets.Gauge 

09 Pie *widgets.PieChart 
10 Head *widgets.Paragraph 


aalest 

12 

13 fune NewUI() *UI { 

14 h := widgets.NewParagraph() 

15 h.TextStyle.Fg = tui.ColorBlack 
16 h.SetRect(6, 1, 30, 2) 

aly h.Text = "Disk Speedo v1.0" 

18 h.Border = false 

19 g := widgets.NewGauge() 

20 g.SetRect(2, 2, 28, 5) 

al g.Percent = 0 

ae, g.BarColor = tui.ColorRed 

23 p := widgets.NewPieChart() 

24 p.SetRect(-10, 5, 40, 20) 

25 p.Border = false 

26 p.Data = fract(0) 

27  p.AngleOffset = -1.5 * math.Pi 


28 return &UI{Gauge: g, 
29 Pie: p, Head: h} 


31 
32 func (ui UI) Run() chan bool { 


33 done := make(chan bool) 

34 err := tui.Init() 

35 if err != nil { 

36 panic("termui init failed") 
37 u 

38 


39 go func() { 


40 events := tui.PollEvents() 
41 for! -{ 


Disk Speedo 


circular path, it simply overwrites it. A 
ring buffer can only ever access the N 
most recent values, but it does not clut- 
ter the system’s memory with irrelevant 
values from the past. A ring buffer cre- 
ated as shown in line 19 (Listing 1) with 
only two entries certainly does not lever- 
age the data structure’s full potential, 
but if desired, you can expand the buffer 
to include more entries for averaging 
and smoothing the display. 

The speed() function starting in line 44 
computes the current filling speed of the 
storage medium using this procedure. If 
the ring buffer does not yet carry two 


values because the algorithm just started 
out, the speed cannot yet be determined 
and line 46 returns the value 8. 


Signed vs. Unsigned 
The Statfs() function returns the re- 
maining disk space in line 64 as uinté4, 
(i.e., as an unsigned 64-bit integer that 
can never assume a negative value). 
However, the difference between two of 
these values can definitely be negative. 
If you simply subtract both values 
from each other, you might be surprised 
to see that Go (like other languages) re- 
turns absolutely insane values for the 


42 select { 

43 case e := <-events: 
44 switch e.ID { 

45 case: Mgt, 2<G-e5"2 
46 done <- true 
47 return 

48 } 

49 } 

50 } 

51 }() 

52 return done 

53 } 

54 


55 func (ui UI) Close() { 


56 tui.Close() 
57 } 
58 


59 func (ui UI) Update( 


60 level int, 


61 speed float64) { 
62 ui.Gauge. Percent 


63 ui.Pie.Colors 


= level 


{]tui.Color{ 


64 tui.ColorBlack, tui.ColorRed} 


65 if speed < o { 


66 ui.Pie.Colors[1] = 
67 tui.ColorGreen 
68 speed = -speed 

69 +} 


70 ui.Pie.Data = 


fract (speed) 


walt tui.Render(ui.Head, ui.Gauge, 


72 ui.Pie) 
73 } 
74 


75 func fract( 


76 val floaté4) []floate4 { 


iA num := 


78 denom := 


(1 - val) * 100 


val * 100 


79 return []float64{num, denom} 


80 } 


difference if the subtrahend (the number 
we’re subtracting) turns out to be larger 
than the minuend (the number we’re 
subtracting from). The result should be 
negative in this case, but instead you get 
very large positive values. Without any 
help, Go assumes that the result of an 
operation with two unsigned integers is 
also an unsigned integer. The solution: 
Typecasting with int(x-y) makes it clear 
to Go that the result of the difference of 
two uinté4 values x and y is in fact a 
signed value. 

But before line 51 divides the differ- 
ence by an empirically determined value 
of 100,000, resulting in a floating point 
value between @ and 1 for the average 
disk performance, line 48 first needs to 
convert the result type to float64. Now, 
if the velocity is greater than 1 or less 
than -1, the if-else construct from line 53 
squashes it into the range between -1 
and +1. 

All that remains for the main program 
in Listing 1 to do is to determine the cur- 
rent directory (line 10), start the user in- 
terface (UI) (line 17), and close it in any 
situation with the defer statement in line 
18 as soon as the main program stops 
running. 


On the Screen 

Listing 2 shows how the program con- 
jures up the UI with the speedometer 
display in a terminal window using the 
tried and tested termui project from 
GitHub. It defines three stacked widgets: 
a paragraph widget to display the pro- 
gram name Disk Speedo v1.8, a progress 
bar of the Gauge type, and a pie chart of 
the PieChart type that forms the speed- 
ometer. 

The NewUI() constructor from line 13 
defines the widgets, including their di- 
mensions, geometric positions, and col- 
ored bits, and returns an initialized 
structure of the UI type (defined in line 
7). The main program uses this later to 
call method-style functions such as Run() 
(from line 32) and to give them the con- 
text of the previously initialized widgets 
- object orientation Go-style. 
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Listening on the Channels 
The Run() function from line 32 on- 
wards starts the termui interface in a 
parallel Goroutine from line 39 onwards. 
Like every UI, it also continuously deliv- 
ers events such as keystrokes or mouse 
clicks that need to be intercepted and 
processed in order to give the illusion of 
a seamless user interaction. 

The infinite loop from line 41 waits 
with its select statement for the user to 
press either Q or Ctrl+C. In this case, it 
sends the value true into a newly cre- 
ated channel, done, to the listening main 
program, causing it to stop all opera- 
tions. To do this, the main program si- 
multaneously monitors - in the select 
statement from line 32 of Listing 1 - 
whether the UI has reported the end of 
the program or, alternatively, the ticking 
seconds timer (Listing 1, line 35) has ex- 
pired. If the timer has expired, the pro- 
gram moves on to the next round, 
fetches new values for the disk fill level, 
and displays them. 

In general terms, Listing 2 abstracts 
the features of the termui library and en- 
capsulates them from the main flow. 
When it’s time to pack up shop, the 
main program simply calls the Close() 
function (Listing 2 from line 55) to wrap 
up the terminal UI, which in turn trig- 
gers a Close() call in the termui library. 


Bright Paint 

The Update() function, which Listing 2 
defines starting in line 59, writes new val- 
ues to the display. It expects two values: 
the fill level of the hard disk as an integer 
and the measured fill speed as a f loat64 
value. It passes the fill level to the Gauge 
widget of the termui library in line 62 and 
the fill speed to the pie chart in ui.Pie. 

To make the pie chart paint a positive 
fill speed in red and a negative one in 
green, lines 63 and 64 sets the colors of 
the slices in the pie chart to black and 
red, and lines 66 and 67 modifies the 
second color to green in case of a nega- 
tive speed. Because the graph only pro- 
cesses positive values, line 68 reverses 
the sign of the negative velocities after 


Listing 3: Compiling 
$ go mod init dftop 
$ go mod tidy 


$ go build dftop.go ui.go 


the color has been adjusted. The termui 
Render function paints all three widgets 
onto the terminal’s canvas in lines 71 
and 72, refreshing the display at inter- 
vals of one second. 

Now how does the pie chart paint the 
speedometer reading based on a float- 
ing-point value for speed between 0 and 
1? It does this by calling the fract() 
function starting in line 75, which - in 
turn - produces a fraction using the for- 
mula (1-val)/val, which yields the ratio 
of the speed’s colored area (green or red) 
divided by the size of the black area. For 
percentage values, lines 77 and 78 also 
multiply the numerator and denomina- 
tor values by 100. 

In this way, for a floating-point value 
of 8.35, for example, fract() returns 
@.65*188 and @.35*180, (i.e., 65 and 35). 
Consequently, the red speedometer seg- 
ment shown (see Figure 1) occupies 
about one third of the total circle, and 
the remaining two thirds are left black 
on the left side. 


Build Time! 


You can compile the whole enchilada 
with the calls from Listing 3, which re- 
trieve the termui UI and its dependencies 
from GitHub and then go ahead to build 
the dftop binary. When invoking the fin- 
ished program from the command line, 
Listing 3 produces the output from Fig- 
ures 1 and 2. If you run dftop in a win- 
dow in a corner of your desktop, you can 
keep an eye on your remaining hard disk 
capacity, and prevent overfilling before 
it’s too late. HEE 


Info 

[1] statfs: https://man7.org/linux/ 
man-pages/man2/statfs.2.html 

[2] Listings for this article: ftp-//ftp. 
linux-magazine.com/pub/listings/ 
linux-magazine.com/253/ 
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Monitor your media with Hard Disk ittinel 


Ag 


ile Controller. 


Hard Disk Sentinel helps you monitor mass storage devices with a fully automated process minus the 


bells and whistles. By Erik Barwalat 


ass storage devices are taking 

on an increasingly central 

role in modern PCs due to 

the daily increasing flood of 
data. This makes it all the more impor- 
tant for users in the private sector and in 
the enterprise to keep an eye on the stor- 
age systems installed in their computers, 
to avoid data loss due to defects or over- 
heating. The Hard Disk Sentinel [1] pro- 
gram helps you keep a permanent eye on 
the data media so that you always have 
a current status for your mass storage 
devices. 


Software 
Hard Disk Sentinel, which originates from 
Hungary, has become the industry stan- 
dard in the field of professional mass stor- 
age maintenance on non-Linux operating 
systems over the past 10 years. The propri- 
etary software is available, for a fee, in sev- 
eral versions for these operating systems. 
For Linux, there is a free variant that 
continually monitors important operat- 
ing parameters of the mass storage de- 
vices [2]. The variant is available for 
both 32- and 64-bit systems. The two 
packed tar archives, around 2.5MB each, 
are available for download from the 
manufacturer’s website. 
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In addition, the developers offer a 
version for the command line for com- 
puters without a graphical user inter- 
face (GUI) [3]. Numerous parameters 
enable queries here, and some of them 
are useful for documenting the hard- 
ware status. 


Installation 

After downloading the archive for your 
system, unzip it to any directory. This 
will create the new HDSentinel_GUI/ 
folder where you will find several files 
and another ZIP archive. Now call the 
./install.sh command in the terminal 
in this directory. The script installs and 
configures the software after you enter 
the appropriate authentication. 

After the install, you will find a Hard 
Disk Sentinel GUI entry in your desktop 
program menu. When launched, the 
software first prompts you for your pass- 
word to adopt your privileges with Sudo. 
It then scans the system for mass storage 
devices. The list includes conventional 
PATA and SATA devices as well as mod- 
ern NVMe media. 

Older storage devices that you connect 
to the system via the PCle bus and that re- 
quire special firmware are also correctly 
identified by the tool. Even memory card 


readers and removable media connected 
via USB appear in the Overview (Figure 1). 

In the Overview, you will see the 
basic data and the status of the active 
drive: The software shows the current 
and maximum temperature as well as 
the operating hours. Hard Disk Sentinel 
also gives you information about the 
current overall status of the drive ina 
small text box. 

If the values for the temperature tend 
to fluctuate, you can manually refresh 
the display by pressing Refresh. Based on 
the SMART values, the tool also deter- 
mines the lifetime of the respective 
drive. Of course, this value is generally 
only of limited significance because it is 
based on manufacturers’ estimates. 

Hard Disk Sentinel differentiates be- 
tween solid-state drives (SSDs) and con- 
ventional disks. In the case of SSDs, Hard 
Disk Sentinel does not indicate the ex- 
pected operating life but rather the capac- 
ity in gigabytes that the active drive can 


still handle in transfer scenarios (Figure 2). S 


The application marks problematic 
status values with an exclamation mark 
in a yellow triangle (instead of a check 
mark in a green box) to the left of the re- 


spective status bar. In the text field, Hard 8 


Disk Sentinel also displays hints as to 
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Figure 1: The user interface is purpose-built. 
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Figure 2: For modern SSD drives, the tool checks how many write cycles 
the media can potentially handle. 
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Figure 3: Because of incomplete controller firmware, Hard Disk Sentinel 
cannot monitor removable flash media. 
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what actions are required (if any) on 
your part to avoid an imminent failure of 
the drive. 


Exceptions 

The controllers for most current flash 
storage devices such as USB media, 
(micro) SD cards, or the CompactFlash 
cards that are gradually going out of 
fashion do not implement the SMART 
command set. As a result, Hard Disk 
Sentinel identifies these devices but can- 
not read and display operating data. The 
corresponding fields therefore remain 
empty for these media (Figure 3). 


System Tray 

After startup, the application places a 
small icon in the system tray of your 
desktop environment. The icon indicates 
the temperature of the active mass stor- 
age device with a green background for 
tolerable values and a red background if 
temperatures are too high. 

In the icon’s context menu, you can 
select the Show main window option to 
restore the minimized program window 
to the foreground. The Exit option closes 
the tool and also removes it from the 
system tray. 


At the Prompt 

Professional server systems usually do 
not have a GUI; administration is usu- 
ally via a secure connection in the shell. 
For admins and desktop users who pre- 
fer to use command-line tools, the de- 
velopers of Hard Disk Sentinel offer a 
command line variant of the tool that 
offers the same feature set as the GUI 
version. You control the tool with a set 
of call parameters. The command-line 
version lets you document the status of 
mass storage devices via a report gener- 
ation routine with 32- and 64-bit vari- 
ants are available. 

Unfortunately, an error has crept into 
the installation description of the latest 
version, 0.19, which makes using the 
software more difficult. Because the de- 
velopers accidentally packed the GZIP ar- 
chive offered for download twice, you 
first need to unpack the archive with the 
integrated graphical front end of your 
working environment. The second ar- 
chive created by this step then also needs 
to be unpacked. However, many front 
ends do not recognize the different for- 
mat, which is why I would recommend 








IN-DEPTH 
BBEES Hard Disk Sentinel 


Listing 1: Setup and Start using a professional program for handling 
01 $ sudo chmod 755 HDSentinel archives, such as PeaZip. 
The unpacked archive contains only 


Cee ee ee the executable file, HDSentinel, to which 





root@hp-Z600: /home/erik/Downloads# ./HDSentinel -dev /dev/sda 
Hard Disk Sentinel for LINUX console 0.19b.9986 (c) 2021 info@hdsentinel.com 
Start with -r [reportfile] to save data to report, -h for help 


Examining hard disk configuration ... 


HDD Device 0: /dev/sda 

HDD Model ID : Hitachi HUA723020ALA641 

HDD Serial No: YFHS8NYD 

HDD Revision : MK70A840 

HDD Size : 1907729 MB 

Interface : S-ATA Gen3, 6 Gbps 

Temperature : 38 °C 

Highest Temp.: 46 °C 

Health : 100 % 

Performance : 100 % 

Power on time: 869 days, 15 hours 

Est. lifetime: more than 955 days 
The hard disk status is PERFECT. Problematic or weak sectors were not found 
and there are no spin up or data transfer errors. 








No actions needed. 





Figure 4: The command-line version shown here displays the essential 
status data for a disk in the terminal. 


























Hard Disk Sentinel - Mozilla Firefox wD ) 
Hard Disk Sentinel x } S12 
© +> @ | 0D file:///home/erik/Downloads/report.html © | | Q Suchen ono M6 @ = 
Hard Disk Sentinel 
www.hdsentinel.com 
General Information 
Application Information 
Installed Version : Hard Disk Sentinel 0.19b 
Current Date And Time : 11-7-21 18:44:54 
Computer Information 
Computer Name H hp-Z600 
MAC Address : 4:ec:38:a3:87:0f 
System Information 
OS Version : Linux : 5.8.0-59-generic (#66~20.04.1-Ubuntu SMP Thu Jun 17 11:14:10 UTC 2021) 
Process ID : 5027 
Uptime : 6452 sec (0 days, 1 hours, 47 min, 32 sec) 








Physical Disk Information - Disk: #0: Hitachi HUA723020ALA641 





Hard Disk Summary 


Hard Disk Number : o 


Hard Disk Device : Idevisdb 

Interface :  S-ATA Gen3, 6 Gbps 

Hard Disk Model ID : Hitachi HUA723020ALA641 
Firmware Revision > MK70A840 

Hard Disk Serial Number :  YFG67SAA 

Total Size :  1907729MB 

Current Temperature : 38°C (100°F) 

Maximum Temperature (during Entire Lifespan) : 45°C (113 °F) 

Power On Time : 1018 days, 17 hours 
Estimated Remaining Lifetime : more than 806 days 

Health a 100 % (Excellent) 


Performance es 100 % (Excellent) 

















ATA Information 





Figure 5: The report in HTML format documents the status of a mass 
storage device and the interfaces in detail. 


you need to assign execute permissions 
before you can use the command shown 
in line 1 of Listing 1. Then invoke the 
software by entering the command from 
line 2 of Listing 1. 

You will find more information about 
the parameters and how to use them on 
Hard Disk Sentinel’s website. Figure 4 
shows examples of the output in a termi- 
nal or on the console. 

If required, you can also create reports 
in text, HTML, or XML format that docu- 
ment the health state of a mass storage 
device. The command-line tool also offers 
parameters to let you do this (Figure 5). 
The report in HTML format is far more 
detailed than the information displayed 
by the graphical front end. 

In this way, you can both document 
the implemented features of the respec- 
tive interfaces and generate a SMART 
table with the current values. As an ad- 
ministrator, you can use the values to 
proactively discover data carriers that 
are candidates for replacement. 


Conclusions 

The compact Hard Disk Sentinel tool is 
dedicated to monitoring the state of the 
mass storage devices in a system. The 
user interface and the context menu 
focus on the essentials. The application 
is frugal in its use of resources and pro- 
vides a quick overview of all mass stor- 
age devices with the help of a few icons 
and short explanations. 

Hard Disk Sentinel displays flash 
drives connected to the computer’s 
USB ports but cannot read out status 
values. You can select multiple disks 
installed in the system in the GUI, one 
after the other, to keep an eye on the 
entire subsystem without detours. You 
will not want to do without Hard Disk 
Sentinel on any system with important 
data files. mmm 


Info 
[1] Hard Disk Sentinel: 
https:/www.hdsentinel.com 


[2] Linux version with GUI: 
https:/www.hdsentinel.com/hard_ 
disk_sentinel_linux_gui.php 

[3] Command-line version: 
https:/www.hdsentinel.com/hard_ 
disk_sentinel_linux.php 
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If you're tired of the privacy problems and feature bloat of 
high-end note-taking utilities, try rolling your own. 


By Stuart Houghton 


or many people, online note- 

taking and time management 

tools are useful and some- 

times essential, but they 
come with a potential privacy cost. I 
decided to try to build a usable re- 
placement for the services I had come 
to rely on using some simple Linux 
tools and a Raspberry Pi. 

If you are like me, your phone is a 
constant companion in both work and 
free time. I work as a sys admin and 
part-time writer, and I have come to rely 
on “free” note-taking apps to keep track 
of work, jot down ideas, and generally 
manage my life. I started out with the 
now-defunct Catch Notes in the early 
‘00s; the ability to write a quick note on 
my phone and have near-instant access 
to it on my PC via a browser (and vice- 
versa) made Catch Notes an invaluable 
tool. I could write a note on my phone, 
then open it on the PC to paste it into a 
document or follow a link, without hav- 
ing to manually save or import anything 
on either platform. Being able to add a 
simple reminder to to-do items was 
handy too. 

Sadly, Catch Notes went the way of 
so many ‘00s startups and shut down. 
Forced to look elsewhere, I exported 
my notes and imported them into Ever- 
note. Although Evernote was undeni- 
ably useful, it was a noticeably more 


commercial tool that was moving away 
from the simplicity I craved. Moreover, 
it began to worry me that my data - my 
precious shopping lists, ideas for a 
novel, and other random jottings (but 
nevertheless MY data) - was being held 
on someone else’s computer and could 
in theory be lost if Evernote went out 
of business. 

When Evernote announced a change 
to their subscription model that would 
restrict the number of devices from 
which I could access my notes, I de- 
cided enough was enough and re- 
solved to take back control of my 
notes. But how? 

Several options are available for self- 
hosting note-taking apps, including pow- 
erful suites such as Nextcloud and so- 
phisticated notebook apps such as Jop- 
lin. However, these tools were either 
overkill (I didn’t need an entire group- 
ware suite such as Nextcloud just to use 
one notes plugin) or too inflexible and 
tied to certain apps or platforms. | felt 
certain that most, if not all, of what I 
needed probably existed on my Linux PC 
already. I just needed to tie the pieces to- 
gether, the Unix way. 


File Format 

Choosing a file format was crucial. I pre- 
fer to use plain text wherever possible, 
as you can find a text editor on pretty 


Photo by Robert Anasch on Unsplash 
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much any platform and it can easily be 
converted to other formats if required. In 
order to give more options for formatting 
and embedding links, I decided to use 
Markdown, which allows me to add sim- 
ple formatting such as italics and bold 
text by adding asterisks around words or 
mark some lines as headings with a #, 
for example. 


Storage 

I could see some advantages to storing 
notes in a database (fast indexing and 
searching, for example), but for me, the 
benefits of a database were outweighed 
by the simplicity of storing notes as plain 
files in a directory tree. A tree of text 
files is still searchable, and it fits my re- 
quirement for not being tied to any par- 
ticular platform. I could easily run an 
SQL database on my Linux PC but not so 
much on my phone. 

So, notes are stored in a folder called 
Notes as plain text files. Subfolders un- 
derneath Notes allow me to stick notes in 
categories, if required, as follows: 


Notes 
Important 
Writing 
Ideas 


Organizing 


For physical storage, I decided to use a 
Raspberry Pi server that I run with a USB 
drive plugged in for extra space. The Pi’s 
main job is a home media server, but it 


Listing 1: Nudgebot 
001 #! /usr/bin/python3 
002 # nudgebot 


003 # stuart houghton 2021 


also runs a simple lighttpd web server 
that I use for various projects. In this 
case, though, all it needs to do is store 
the Notes folder and sync with the other 
platforms that I use. 


Synchronizing 

To sync data between the Pi, my laptop, 
and my phone, I decided to use Sync- 
thing [1]. Syncthing is really easy to set 
up and does one job - keep folders in 
sync between different devices. If I 
make a change to the Notes folder on 
my PC (by adding a note or editing an 
existing note), Syncthing will replicate 
the change to the Pi and from there to 
my phone. 


Remind Me 


If I have an important meeting or need 
to remember an anniversary, I already 
have several very capable calendar apps 
linked to my Gmail account that will 
send a reminder. Despite this, I am a ter- 
rible procrastinator and often put off or 
forget tasks on my mental to-do list. 

The obvious answer would be a physi- 
cal - or digital - to-do list, but I wanted 
to know if I could make it just a bit more 
useful for someone with my scattergun 
approach to time management. 

Gina Trapani’s excellent Todo.txt 
method [2] ticked all my boxes by using 
an open, plain-text file format and being 
completely app agnostic. For the unfa- 
miliar, Todo.txt is just a way of format- 
ting a text-based to-do list so that it is 


both human readable and easy to pro- 
cess with a computer. 
An example Todo.txt file would be: 


Buy some milk @shopping 
(A) Call Grandma 
Write Linux article 


Tidy spare room 


@shopping is just a tag to help you list 
all similar items using the basic Todo. 
txt shell script or one of the many 
Todo.txt-compatible apps. The optional 
(A) marks that task as high priority. 
You could also have tasks categorized 
as (B), (C), ete. 

I can keep a Todo.txt file in a folder 
called Organizing under my Notes folder, 
sync it between all my devices, and al- 
ways have easy access to my list of 
tasks. But how could I use it to help me 
remember to actually do those tasks? I 
thought what might help would be to 
get a random nudge throughout the day. 
I sometimes find that if I set an alarm 
for something, if I know when it is com- 
ing - paradoxically — it is easier to ig- 
nore. If a friend were to randomly inter- 
rupt me with a reminder, that might be 
harder to dodge. 

A simple python code could read my 
to-do list every day and add a timed task 
using the Linux at command to give me 
that encouraging nudge when I least ex- 
pected it. 

This script (see Listing 1) requires Py- 
thon v3 or later and the todotxio mod- 


018 except: 
019 print("Error" ) 
020 


oo4 # 021 for opt, arg in opts: 
005 # read a todo.txt file and assemble a list of timed 022 Tf opt in | =£"]): 
reminder notifications 023 todo_file = arg 
006 # 024 
Glee AMBRE TASCINS SEN) 025 if (todo_file == "null"): 
008 import sys, getopt, os 026 print ("No todo list specified") 
009 from random import randint 027 quit() 
010 028 


011 # look for parameters 
012 todo_file = "null" 
013 argv = sys.argv[1:] 
014 


015 try: 


016 opts, args = getopt.getopt(argv, 


017 


"£:") 033 


029 # define the flavour text list 


030 # this keeps each reminder slightly different, to make 


them more impactful 


031 


032 flavour_text=[ 


"Do not forget to", 


034 "You had better not forget to", 
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Listing 1: Nudgebot (continued) 





035 "Whatever happens, remember to", 087 
036 "ATTENTION! ", 088 print("=====Priority A==== 
Hie Wy reall shoulda" 
03 fou really should", 089 
038 "You had better", 
090 for item in range(nudge_list_length_A): 
039 "If you know whats good for you,", 
ane "Dig deep and", 091 item_text=to_nudge_A[item] .text 
o41 "Do the right thing, i.e.", 092 item_duedate=to_nudge_A[item] .text 
o42 “De: thie 093 #nudge a random number of times 
043 | 094 rand_nudges=randint (2,4) 
44 flavour_text_list_length=len(flavour_text)-1 
Q evour text Tist rend eng text) 095 for nudgenum in range(rand_nudges): 
o4s 
096 print (rand_nudges) 
046 # define the notification tone list 
047 # these are standard notification tones used by the pai rand_mins=rendint (07480) 
pushover notification service 098 rand_flavour=randint (0, flavour_text_list_length) 
048 099 flavour_intro=flavour_text [rand_flavour] 
049 push_tones=[ A : 
100 send_text=flavour_introt+" "+item_text 
oso "pushover", 
, 101 rand_tone_index=randint(0,push_tones_length) 
os51 "bike", 
052 "bugle", 102 push_tone=push_tones [rand_tone_index] 
053 "cashregister", 103 command_string = f"echo \"/home/stu/bin/pushover 
os4 "classical", \'{send_text}\' \' {push_ 
055 "cosmic", tone}\'\" | at now + \' {rand_ 
i a " 
056 "falling", mins}\' minute 
057 "gamelan", 104 print (command_string) 
058 "incoming", 105 os.system(command_string) 
059 "intermission", 106 
060 "magic", oh We 
107 # and now do the priority B stuff - 1 nudge per day 
061 "mechanical", 
, 108 to_nudge_B = todotxtio.search(list_of_todos, 
062 "pianobar", 
onze iat 
063 "siren", 109 priority=['B'], 
O64 "spacealarm", 110 contexts=['nudge'], 
065 "tugboat", abla, completed=False 
066 "alien", 112 ) 
067 Hie Wambi., 
113 
068 "persistent", 
114 nudge_list_length_B=len(to_nudge_B) 
069 "echo", 
070 "updown" ms 
071 |] 116 print("=====Priority B=====") 
072 push_tones_length=len(push_tones)-1 ally 
073 118 for item in range(nudge_list_length_B): 
074 # let's read that file F P 
119 item_text=to_nudge_B[item].text 
075 print("Reading ", todo_file, "...") 
120 rand_mins=randint (0, 480) 
076 
077 list_of todos = todotztio.from £ile(todo_file) de rand_flavour=randint (0, flavour_text_list_length) 
078 122 flavour_intro=flavour_text [rand_flavour] 
079 # ok, now do the priority A stuff - between 2 and 4 123 send_text=flavour_intro+" "+item_text 
nudges per day fi 
124 rand_tone_index=randint (0, push_tones_length) 
080 to_nudge_A = todotxtio.search(list_of_todos, 
Lene 125 push_tone=push_tones [rand_tone_index] 
081 priority=['A'], 
082 contexts=['nudge', 'blitz'], 126 command_string = f"echo \"/home/stu/bin/pushover 
' mye nn 
083 completed=False \" {send_text}\' \"{push_tone}\'\" | 
os4 ) at now + \'{rand_mins}\' minute" 
08s 127 print (command_string) 
086 nudge_list_length_A=len(to_nudge_A) 128 os.system(command_string) 
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ule, which is easily installed using the 
Python package manager, pip. 


sudo pip3 install todotxtio 


The notifications are done using a free 
web service called Pushover [3], which 
sends a push notification to an Android or 
iOS app. The API for Pushover is very sim- 
ple, and the Pushover site has example 
code for using cur! to send notifications 
that you can put in a Bash script. I called 
mine pushover. You could, of course, send 
an email instead or use something like the 
notify-send notification app [4] to direct a 
pop-up notification to your desktop. 

I then add a crontab file so a daily cron 
job can run this script (Listing 2). 

With the script running on my Pi, I 
just need to tag a to-do item with @nudge 
and make it either priority (A) or (B), 
and I will get one or more automated, 


Listing 2: crontab File 


random reminders during the day until I 
complete the task. 


Conclusion 

My note-taking solution suits my pur- 
poses well. It doesn’t have some of 
the extra features of commercial apps, 
but it does what I need it to do, and it 
isn’t cluttered up with unnecessary 
features. Markdown is a portable 

and sensible note format that is 
supported by a variety of tools (see 


Info 
[1] 
[2] 
[3] 
[4] 


Syncthing: https:/syncthing.net/ 
Todo.txt: http://todotxt.org/ 
Pushover: https://pushover.net/ 


com/manpages/xenial/man1/ 
notify-send. 1.html 


01 # Edit this file to introduce tasks to be run by cron. 

02 # 

03 # Each task to run has to be defined through a single line 

04 # indicating with different fields when the task will be run 

OS # and what command to run for the task 

06 # 

07 # To define the time you can provide concrete values for 

08 # minute (m), hour (h), day of month (dom), month (mon), 

09 # and day of week (dow) or use '*' in these fields (for '‘any'). 

10 # 

11 # Notice that tasks will be started based on the cron's system 

12 # daemon's notion of time and timezones. 

13 # 

14 # Output of the crontab jobs (including errors) is sent through 

15 # email to the user the crontab file belongs to (unless redirected). 
16 # 

17 # For example, you can run a backup of all your user accounts 

18 # at 5 a.m every week with: 

19 #05 * * 1 tar -zcf /var/backups/home.tgz /home/ 

20 # 

21 # For more information see the manual pages of crontab(5) and cron(8) 
22 # 

23 #mh dommon dow command 

240 8 * * * /nome/stu/bin/nudgebot.py -f /notes-location/Notes/organising/ 


todo. txt 
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notify-send: https://manpages.ubuntu. 


the box entitled “Apps,”) and the 
clever Todo.txt format makes it easy 
to keep a list of tasks and generate re- 
minders. The simple concepts dis- 
cussed in this article are easy to adapt 
to your own needs if you decide to ex- 
periment with building your own 
note-taking tool. sam 


Apps 


The advantage of using Markdown is 
that you can use any text editor, from 
something as simple as Notepad on 
Windows to a Swiss Army chainsaw 
such as Emacs. That said, there are some 
apps which are better suited to taking 
and managing notes. Similarly, although 
you could edit a Todo.txt file in anything, 
a number of apps can make the editing 
process much more user-friendly. 


Android 


On my phone | use Markor, which is 
fast and fairly no-frills but supports 
searching and embedded images. 
Other options would be iA Writer or 
JotterPad. Markor has a built-on Todo. 
txt mode, but it is a little basic. | prefer 
an excellent free app called Mind- 
stream, which looks good and makes 
adding new tasks a breeze. 


PC 


| run Linux on my laptop (naturally), 
and there are of course hundreds of 
text editors available for it. For my 
note-taking needs, however, | use Ty- 
pora, which looks nice and just works, 
and ThiefMD. Most of this article was 
written in ThiefMD, which also sup- 
ports Fountain, a superset of Mark- 
down geared towards screenwriting. 
Sleek is a great-looking and very easy 
to use Todo.txt editor available in most 
Linux repositories. 


Other Platforms 


My sysadmin work requires me to man- 
age Windows systems, so being able to 
view and edit my notes from there is 
handy too. Syncthing has Windows and 
iOS ports, and Markdown editors are 
available for both platforms. | would 
recommend iA Writer on iOS and 
Ghostwriter for Windows. Sleek has 
Mac and Windows ports, and SwiftoDo 
is a very capable equivalent for iOS. 
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and learn something along the way. By Brooke Metcalfe and Pete Metcalfe 





here are some fun and inter- 

esting projects that can be 

done by repurposing an old 

home router. If you don’t 
have an old router lying around, you 
can usually find one for about $5-$25. 
These routers are easy to reflash, soa 
new programmer doesn’t have to 
worry about messing things up too 
badly. 

In this article, we will look at three 
projects to get some extra life out of an 
older router. The first project uses the 
router’s USB port to connect to third- 
party devices. The second project col- 
lects microcontroller and internal data, 
and the final project displays the data 
on the router’s web page and ona 
Raspberry Pi. 





Startup A : 
Initscript Disable Routing Features 


Start priority Initscript 


dnsmasq 


19 dropbear 


19 firewall 


20 network 


35 odhepd 





You can enable or disable installed init scripts here. Changes will applied after a qv 
Warning: If you disable essential init scripts like "network", your device might become inaccessible! 











akerspace 


Breathe new life into your 


old home router 


A New Route 


If you have an old router lying around, you can put it to good use with a few easy projects 


Selecting a Router and 
Firmware 
A number of open source firmware solu- 
tions can breathe new life into an old 
router. OpenWRT [1] and DD-WRT [2] 
are the most popular packages, but there 
are other options. You need to determine 
if one of these firmware packages sup- 
ports your old router. Keep in mind that 
many older routers only have 4MB of 
flash and 32MB of RAM. These routers 
may not run or only marginally run 
OpenWRT or DD-WRT. We recommend 
that you choose a router with a minimum 
8MB of flash and 32MB or more of RAM. 
You also need to consider whether 
the router has USB support. A router 
without USB support can still be used 
as a web or application server, but it 


vice reboot 


























Figure 1: Be sure to disable the firewall, dnsmasq, and odhcpd in the 


OpenWRT interface. 
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will be missing external hardware 
integration. 

For our router project, we used Open- 
WRT because of our experience using 
the Arduino Yun modules. 


Getting Started 

Loading new router firmware will vary 
based on the make of your router. For 
this step, you’ll need to check the manu- 
facturer’s directions and the router spe- 
cifics from the OpenWRT or DD-WRT 
websites. 

After the new firmware has been 
loaded, the router should be discon- 
nected from your home LAN, and a PC 
needs to be wired to one of the router’s 
LAN ports. The router will have a default 
IP address of 192.168.1.1, and the PC 
needs an IP address in the 192.168.1.x 
range (e.g., 192.168.1.10). 

Once the router and PC are wired into 
their own small network, the router can 
be powered up, and the OpenWRT web 
interface (LuCI) can be used to configure 
the new router settings. 

There are many possible router config- 
urations. Most importantly, you must en- © 
sure that the repurposed router does not 
effect the main router on your home 
LAN. Typically, you’ll want to disable 
routing features on the repurposed 
router before it is connected to the home 
LAN. In the OpenWRT web interface, 
software services such as the firewall, 


Repurposed Router Projects MAUL Se\es 








DNS (dnsmasq), and DHCP (odhcpd) also 
should be disabled (Figure 1). 

For our setup, we used a USB hub so 
that we could connect a variety of differ- 
ent devices (Figure 2). 


Software 
Routers don’t have a lot of memory, so 
the default firmware is fairly lean on 
extra features. Consequently, you will 
need to add software packages. 
OpenWRT uses opkg [3], the Open- 
WRT package manager, to find and in- 
stall software packages. After the router 
is connected to the Internet, software 
can be added either through the LuCl 
web interface (Figure 3) or manually in 
an SSH shell. 


USB Drives 

To add USB drives, remotely SSH into 
the router and enter the code from List- 
ing 1. After the USB packages are 
loaded, reboot the router. 

Under the System menu, you will 
now see the Mount Points item has 
been added to the LuCI web interface. 
This option allows for easy addition 
and removal of portable USB drives 
(Figure 4). 

Adding USB drives to a router opens 
up the possibility of a number of inter- 
esting projects, such as a SAMBA file/ 
printer server, an FTP server, or a Net- 
work File System (NFS). 


USB Webcam Project 
For a fun router project, you can connect 
a USB webcam and start a video-stream- 
ing service. A number of excellent USB 
video solutions are available, but you 
need to ensure that the router’s small 
memory size can accommodate the 
video package and all its dependencies. 
A good lightweight USB video option is 
mjpg-streamer, which can be installed 
with the code in Listing 2. 

Once you’ve installed mjpg-streamer, 
you need to start the video service: 


## to start the service: 
/etc/init.d/mjpg-streamer start 

## to enable the service to start on 
boot 


/etc/init.d/mjpg-streamer enable 


You can access the USB webcam as a 
web page from the router’s IP with the 
default port of 8080 (Figure 5). 


USB-Serial Connections 

A router doesn’t have external General 
Purpose Input/Output (GPIO) pins like a 
Raspberry Pi or an Arduino, but USB 
ports can be used to pass data. 

Because there aren’t a lot of USB sen- 
sors available, a good workaround to 
this problem is to use an older microcon- 
troller. Low-end modules such as the Ar- 
duino Nano, littleBits Arduino Bit, or a 
BBC micro:bit can be directly connected 
to sensors, and the data can be passed 
with the USB-to-Serial interface. 

To start the video service, you need to 
enable USB-to-Serial communications in 
OpenWRT: 


## add USB-Serial packages 
opkg install kmod-usb-serial kmod-usb-acm 
## add terminal config package 


opkg install coreutils-stty 


For our project, we used a BBC 
micro:bit [4], which is very user- 
friendly for coding: It only took five 
blocks to send the on-board tempera- 
ture reading and to show the value on 
the front panel (Figure 6). 

The OpenWRT firmware runs a light 
version of the Bash shell called Ash. The 
Ash script in Listing 3 connects to the 
micro:bit USB port and prints out the 
temperature data. 
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Figure 2: Our router test setup includes a USB hub and web cam. 
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Software 


Free space 


Download and install package: 





Find a package 


Version Size (.Ipk) Description 


nano 5.8-1 68.2 KB 











30% (1.2 MB) 


Displaying 1-1 of 1 


Nano (Nano’s ANOther editor, or Not ANOther editor) is an enhanced clone 


Actions: 





OK 





Upload Package. Configure opkg 





Refresh package list 








Figure 3: You can use the LuCl interface to find and install OpenWRT 


packages. 


Listing 1: Adding USB Drives Remotely 


## update okpg is required to get info on new packages 


opkg update 


## get packages for USB2/3 and ext4 type devices 


opkg install block-mount e2fsprogs kmod-fs-ext4 kmod-usb-storage kmod-usb2 kmod-usb3 
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Viewing Router Data 
Next, we want to create a simple Com- 
mon Gateway Interface (CGI) Ash web 
page to view custom router data and 
pass the data to another device, such 
as a Raspberry Pi Node-RED server 
(Figure 7). 

For this project, it’s best to use 
dynamic data. If you don’t have 
external data, then dynamic data from 


the router’s system load data can be 
used (Figure 8). The command-line 
statement 


cat /proc/loadavg 


will show the router’s one-, five-, and 
15-minute load averages. 

By adding some AWK code, you can 
extract each of the data points directly. 


For example, to get the first data value, 
enter the following code: 


## Show router load averages 

cat /proc/loadavg 

0.36 0.28 0.16 1/50 3307 

## get the first data point 

cat /proc/loadavg | awk '{print $1}' 
0.36 





Filesystem Available 


/dev/root 0B6/2.75MB 
tmpfs 29,10 MB / 29.33 MB 
/devimtdblockS 1,09 MB / 3.63 MB 
overlayfs:/overlay 1.09 MB / 3.63 MB 


tmpfs 512.00 KB / 512.00 KB 


Mount Points 


Mount Points define at which point a memory device will be attached to the filesystem 


GB) 





Used 


100.00% (2.75 MB) 


0.80% (240.00 KB) 


69.94% (2.54 MB) 


69.94% (2.54 MB) 


0.00% (0 B) 


Enabled Device Mount Filesystem Mount Run filesystem 
point options check 
UUID: S5eec9927ec98fb0b (not 
“ foluend auto defaults No 
present) 
l e021 (/dev/sdat, 29.7! 
v RUE ee ore NOE Aittlend auto (vfat) defaults No 


[=e Add portable USB drives 


Custom Router Web Page 
OpenWRT runs the uHTTPd web 
server for its router configuration. This 
web server can also be used for custom 
CGI web pages that can use Ash script- 
ing. You will find the OpenWRT cus- 
tom CGI pages in the /wwu/cgi-bin di- 
rectory. Listing 4 shows an example 
CGI page, test.cgi. This example 
shows the previous load average val- 
ues along with some system summary 
information from the Linux monitoring 
tool vmstat. 

CGI web pages use Ash/Bash echo 
statements to output HTML code. It is 
important to start the page by echo- 
ing out "Content-type: text/html" 
with an added new line (lines 6-7). 








Unmount 


ts 
ts 








Figure 4: The LuCl web interface lets you mount portable USB drives. 
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. MJPG-Streamer - Stream Example — Mozilla Firefox -+*x 
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Figure 5: Use port 8080 on your router's IP to view 
the USB webcam. 


Listing 2: Installing mjpg-streamer 
## install video streaming software and nano editor 
opkg install kmod-video-uve mjpg-streamer nano 
## enable video service 
## edit config file, and set "option enable '1' 


nano /etc/config/mjpg-streamer 
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For this example, including HTML 


rosoft | C>micro:bit 


show string 
stew tcon HR » 
se) 





Every 5 secs 
send temp to 


USB port 


Figure 6: The micro:bit code for USB-to-Serial com- 
munications can be completed in five blocks. 








Listing 3: Reading USB-Serial Data 
#! /bin/ash 
# 
# microbit.sh - reads microbit temperature 
# 
# set terminal speed 
stty -F /dev/ttyACMO 115200 
# read USB-Serial device (/dev/ttyACMO) 
while read -r line < /dev/ttyACMO; do 
echo " Temp: $line DegC" 


done 
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heading tags such as <h2> in the echo 
string improves the presentation 
(lines 16 and 25). 

The output from Ash/Bash statements 
such as 


cat /proc/loadavg |awk '{print $1}' 
will be shown directly on the web page. 


Using the HTML <pre> tag provides a 
pre-formatted fixed format for the out- 


a Raspberry Pi 
() WA 
Za 
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foro]. —” — 
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Figure 7: The setup for passing router data to other devices. 
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(3 minute window, 3 second interval) 


1 Minute Load: 0.36 Average: 0.24 Peak: 0.40 
5 Minute Load: 0.28 Average: 0.25 Peak: 0.29 
15 Minute Load: 0.16 Average: 0.14 Peak: 0.16 











Figure 8: The router's system load data provides the dynamic data for 
our project. 


Listing 4: Router Web CGI Example 





put from the vmstat monitoring utility 
(lines 25-27). 

After creating the CGI page, the final 
step involves setting the file’s execution 
rights as follows: 


chmod +x test.cgi 


You can now access your custom web 
page at http://router_ip/cgi-bin/test.cgi. 
Figure 9 shows the test CGI web page. 


Connecting to a Raspberry Pi 
For our final project, we want to pass the 
data from the router to a Raspberry Pi. 
You could modify this project to pass 
data to a Home Assistant node or any PC 
on your home network. 

The simplest protocol for passing data 
is to use TCP sockets. This approach 
doesn’t require any added software to be 
loaded on either the router or on the 
Rasp Pi. 

You can use the Bash nc (or netcat) to 
both send and receive TCP messages. To 
create an nc test, open two terminal win- 
dows: one on the router and the other on 
the Raspberry Pi (Figure 10). 

To set up a listener on the Rasp Pi, de- 
fine the Rasp Pi’s IP address with a port 
(1234 in this example). The -1 option 
sets listening mode, and the -k option 
will keep the connection open for multi- 
ple messages. 

On the router sender side, an echo 
message is piped to the nc command 
with the Rasp Pi’s IP address and port. 

Next, you need to periodically send 
dynamic data out via TCP. Listing 5 
shows an Ash script file that uses our 
earlier Ash/AWK code to get the router’s 


01 #!/bin/ash 15 # -- show router system load averages -- 
02 # 16 echo "<h2> System Load Averages </h2>" 
03 # test.cgi - show system load averages and vmstat 17 echo "1 minute load:" 

O4 # 


0S 


18 cat /proc/loadavg |awk '{print $1}' 


19 echo "<br>5 minute load:" 


06 echo "Content-type: text/html" 


20 cat /proc/loadavg |awk '{print $2}' 


07 echo "" 


21 echo "<br>15 minute load:" 


08 echo "<!DOCTYPE html> 


22 cat /proc/loadavg |awk '{print $3}' 


09 <html> 

10 <head><title>Router Points</title> 23 

11 </head> 24 # -- show vmstat -- use <pre> formatting 
12 <body> 25 echo "<h2> Vmstat Results </h2> <pre>" 
13 <hl>Router CGI Page</hl><hr>" 26 vmstat 

14 27 echo "</pre></body></htm1>" 





63 


EM aiSeAeey Repurposed Router Projects 





load averages and then pipes the values 
to a TCP listener every two seconds. 
Node-RED [5] is a great visual pro- 
gramming environment that comes prein- 
stalled on the Raspberry Pi Raspbian 


image. To get TCP messages from the 
script in Listing 5 into Node-RED, two tcp 
in nodes can be configured with the re- 
quired port numbers. To show the data 
graphically, two dashboard ui_gauge 
nodes can be con- 




















Figure 10: Use nc to send and receive TCP messages. 
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Figure 11: Node-RED dashboard logic with TCP sockets. 


Listing 5: Sending Router Data to a TCP Socket 


#! /oin/ash 


# send_loadavg.sh - Send Router Load Averages via TCP 


# - send 1 min avg to port 1111 

# - send 5 min avg to port 1115 

while true 

do 
cat /proc/loadavg | awk '{printf $1}'| 
cat /proc/loadavg | awk '{printf $2}'| 
sleep 2 


done 
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he 192.168.1.11 1172 
he 192.168.1.11 1215 


projects, we made lots of mistakes. We 
locked up or “bricked” our routers about 
a dozen times. 

If you’ve made a simple mistake, often 
all you need to do is reset your router 
and then connect directly to a LAN port 
to redo your configuration. If this fails, 
check the OpenWRT blog for any recom- 
mendations for your specific router 
model. There are some excellent custom 
solutions such as nmrpflash [6] for Net- 
gear routers, which offers an almost 100 
percent guaranteed un-bricking solution. 

If resetting the router doesn’t work 
and there are no custom solutions, then 
the next step is the 30-30-30 Hard Reset 
rule. The following will work for almost 
all routers: 
e Press the reset button for 30 seconds 
e While pressing the reset button, un- 

plug the router for another 30 seconds 
e Plug the router back in while still 

holding the reset button for a final 30 

seconds 
e Release the reset button, and try to re- 

configure 
Unfortunately, there are cases where even 
the 30-30-30 Hard Reset rule won’t un- 
brick a router. This happened to us when 
we loaded an incorrect firmware version. 


Summary 

In our tasks for these projects, we found 
that using shell scripting in Ash rather 
than Bash wasn’t an issue. However if 
you are moving code between OpenWRT 
and Raspbian, you’ll need to toggle be- 
tween #!/bin/ash and #!/bin/bash. 

If you would rather use MQTT instead 
of TCP to pass data, the Mosquitto sub/ 
pub command-line tools can be installed 
on the router using opkg. 

Overall, we would recommend re- 
purposing an old home router. It offers 
a lot of interesting projects with a 
small price tag. BEN 


Info 
[1] OpenWRT: https://openwrt.org/ 
[2] DD-WRT: https:/dd-wrt.com/ 


[3] opkg: https://openwrt.org/docs/ 
guide-user/additional-software/opkg 


= 


[4] 
[5 
[6 


BBC micro:bit: https://microbit.org/ 
Node-RED: https:/nodered.org/ 


nmrpflash: https:/github.com/ 
jclehner/nmrpflash 
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Linux has taken heat in the past for what opponents 
perceive as a dearth of viable image processing tools. 
But as you know if you've read this magazine, we would 
never accept that characterization for the powerful and 
freewheeling Linux. The Linux community has lots of great 
tools for photo enthusiasts, and, unlike the closed-source 
equivalents, all the best stuff is totally free. In this month's 
LinuxVoice, we explore the G’MIC digital image processing 
framework. The developers refer to G’MIC as “...the open- 
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source interpreter of the G’MIC language, a script-based 
programming language dedicated 
to the design of possibly complex 


image processing pipelines and 
operators.” We'll show you how 


to use the versatile G’MIC to 
balance, brighten, and 
sharpen your images — or 
add hundreds of other 
filters and special effects. 
And while we're on the 
subject of images: When 
you're ready for the third 
dimension, check out our 


tutorial on Blender 3D 


animation. 
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Multi-Factor Authentication for Login Security 


ecently a large, closed source software company an- 
R nounced their operating system would allow the user to 

opt out of using passwords. They indicated that pass- 
words were difficult to manage (agreed), and many times peo- 
ple forget them or use the same passwords for many accounts 
(which many people do), so now users will be given the ability 
to use multi-factor authentication (MFA) to avoid using pass- 
words and instead use some other authentication methods to 
protect themselves. Sounds great ... on the surface. 

| already know of people that are using their phones to do 
MFA. When you log in to some web service for the first time dur- 
ing a login session, a message gets sent to your smartphone to 
acknowledge that someone is trying to log on to your account 
and to verify that the person is you. 

However, using your smartphone has some issues. 

You may not own a smartphone. Many of my friends are 
(cough) “older” and only have “burner” phones (also known as flip 
phones) that cannot run applications. Of course, many burners 
can receive SMS messages and be verified through that. How- 
ever, MFA using phones puts an extra importance on phones 
being available all the time. If the phone is unavailable (dis- 
charged, lost, stolen), in an area where phones are not allowed 
(secure areas), or a cell phone signal is not available, then a per- 
son might inadvertently be locked out of their accounts. 

Important to know is that most of these MFA techniques do 
not rely on the phone as much as they rely on the International 
Mobile Subscriber Identity (IMSI) number that is assigned to 
your SIM card. If your phone breaks down, you can simply take 
the SIM card out and put it into another phone. If the SIM card is 
lost, you can report it to the mobile phone company and get a 
replacement SIM card that will have the same phone number 
(IMS!) associated. However it may take some time to get a re- 
placement SIM and put it in a new phone. 

Another way of doing MFA is using a type of “key” that is avail- 
able from various companies. These keys (usually small 
enough to fit on a keychain) are inserted into the USB port of 
your laptop or phone and/or use NFC to connect with a device 
as you try to access your accounts (including your login ac- 
count). Various operating systems as well as various web 
browsers and cloud-based applications allow these keys to be 
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part of their MFA. Some of these keys are fairly expensive. 
While this expense may be easily justified from a business per- 
spective, the average person may not want to pay for two (one 
to use and one to be kept in a secure place as a backup). Of 
course these keys may be lost or stolen like a phone — there- 
fore requiring a backup key or other MFA path. 

Other key types are “smart card’-type devices, which use ei- 
ther contact (needs to be inserted or otherwise scanned) or 
contact-less NFC technology to verify that the user is physi- 
cally present. Sometimes these cards have storage on them 
that can hold details such as health or financial information. 
Typically these cards are associated with a personal identifi- 
cation number (PIN) to help protect them if lost or stolen. 
Again, these cards and the management of them can be fairly 
expensive, and the cards can be damaged relatively easily in 
adverse environments. 

My laptop has both a webcam built in and a fingerprint reader. 
While both facial recognition and fingerprint recognition have 
security issues by themselves, when you put them together 
along with the physical access to a particular device (the laptop, 
for instance), they can create a much more secure system for 
logging into that device. 

All of these methods, and more, can be used for MFA. One of 
the problems is, will the user use them? And how complex will it 
become for people to actually access their systems and data? 

A recent webinar on password-less logins” stated: "Join Cy- 
bersecurity experts ... to discuss why users will be more likely to 
adhere to security best practices if they are empowered to 
manage and renew their credentials without your IT team's 
help.” 

Right. | remember how much users hated even simple pass- 
words to log in to their systems. The more complicated the sys- 
tem was, the more they needed help. People who need help in 
adding an application to their smartphone are going to have 
some issues in setting up MFA to work across their various de- 
vices, various websites, and various applications. 

FOSSH has the tools (MFA, PAM, SELinux or AppArmor, en- 
cryption of filesystems and data, among others) to do this well. 
It is time to start planning how to use MFA in your community or 
business. aaa 
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Worker, a file manager with more than 20 years of development, has evolved into a 
tested, powerful, and functional tool. sy xarsten cUNTHER 
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wo-pane file managers have been 
[ around for a long time. Classic examples 

include Norton Commander, Total Com- 
mander, DiskMaster, and Directory Opus. Cre- 
ated in the same vein, Worker [1], a two-pane file 
manager for the X Window System, has been 
actively developed since 1998. Many of Work- 
er's features were developed to meet practical 
needs, resulting in a functional file and directory 
management tool. 

You can find Worker as worker or workerfm in 
the package sources of most common distribu- 
tions. On Arch Linux and derivatives, the pro- 
gram is available via the Arch User Repository. 
However, the Worker package found in your dis- 
tribution’s repository may not be the latest 4.9.x 
version. Using the latest version of the program 
typically requires some DIY work. Having said 


Listing 1: Compiling Worker 


this, Worker has only minimal dependencies 
(see Table 1) and can therefore be compiled on 
almost any system without too much trouble. 
After downloading the source code [2] and un- 
packing it, use the code in Listing 1 to compile 
Worker 


Getting Started 

When first launched, Worker checks for an existing 
configuration before opening the main window; an 
existing configuration can be from an older version 
of the application. If needed, the start routine will 
update the configuration (Figure 1). 

At first glance, Worker's structure appears al- 
most classic (Figure 2). The two panes display di- 
rectories as lists (see the “Display Modes” box); ei- 
ther pane can function as the source or target, with 
a red status bar denoting the active pane. The file 


$ wget http://www. boomerangsworld.de/cms/worker/downloads/worker-VERSION.tar.bz2 


$ tar xf worker-VERSION.tar.bz2 
$ cd worker-VERSION 
$ ./configure && make && make install 


Table 1: Worker Dependencies 


Package 
gcc 





Function 


C++ compiler with C++14 support, 
GCC >= version 4.9 recommended 





libX11-devel, libx11-dev 


X11 headers and libraries 





avfs 


Open archives, FTP access, etc. 





libdbus-glib-1-dev, dbus-1-glib-devel, udisks, udisks2_ Disk access 


Optional Dependencies 
libmagic-dev, file-devel 
xli 


Display image previews 

Default image viewer can be changed in the 
config file (see the "Configuration Files" section 
for more information) 





ibxinerama-dev, libXinerama-devel 


Improved placement of windows 





lua-devel, liblua5.x-dev 
libxft-dev, libXft-devel 


ISSUE 253 


Lua scripting 


Improved font display 
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Figure 1: Worker starts with a small dialog. 


manager functions can be found in the buttons at 
the bottom of the window and in context menus. 
Alternatively, you can bind commands to a double- 
click or call them up via keyboard shortcuts. 

Worker's long development history has resulted 
in a very compact interface. Because Worker is 
not necessarily intuitive, you need to become ac- 
quainted with Worker's controls and technical 
functions before getting started. 

In the red status bar above the current pane, 
Worker shows the latest information for the di- 
rectory. The list display in the current pane de- 
pends on the display mode and directory con- 
tents. To switch between display modes, click on 
the small triangles in the upper right corner of 
the status bar. 

Worker organizes entries in the lists in tabs, 
which allows for lightning-fast switching between 
multiple directories in both the source and target 
panes. The small plus sign in the upper left corner 
above a pane opens a new tab. Clicking on one of 
the active tabs switches to the directory. 

The selected directory can be found a second 
time below the target or source pane, where the 
tool displays the directory in text form. To the 
left of this text display, a button with two dots 
lets you switch to the parent directory. At the 
bottom of the main window, you will find numer- 
ous buttons organized into several groups. 
These button groups are called a “bank” in 
Worker jargon. The button banks (see Table 2) 
control the main functions [3]. 

You can toggle between the banks with the 
mouse wheel while mousing over the lower status 
bar. Alternatively, you can use the left and right 


Display Modes 
When you open Worker, the default appear- 
ance is Directory mode. To change the dis- 
play mode, right-click on the status bar. In the 
dialog that opens, you can also choose from 
the following display modes: 
Image Display: Shows graphics instead of 
lists 


Information: Provides additional detailed 
information from the filesystem, such as 
access rights, owners, and metadata 


Text Display: Displays the data like in a text 
editor 
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mouse buttons. If necessary, add your own func- 
tions to the groups. Each button can call either an 
internal function, a shell command, a shell script, 
or an arbitrary program. 

Worker always applies the selected functions to 
all currently selected entries, which occasionally 
leads to situations where several procedures are 
possible. If this happens, Worker will ask how you 
want to proceed (Figure 3). 

You always have the option to trigger almost all 
actions either with the keyboard or the mouse. In 
addition, you can customize almost all aspects of 
the software, starting with the buttons and ex- 
tending to the list panes, the keyboard shortcuts, 
and menu entries. 

Depending on the file type, Worker changes the 
commands provided for the files. You then exe- 
cute the command by either double-clicking or 
pressing the Enter key. To accomplish these tasks, 
Worker uses a variety of external programs. As a 


Table 2: Worker Button Banks 


Bank 


Function 








Figure 2: Worker's main 
window displays files in tar- 
get and source panes, along 
with status bars and several 
functions in the buttonbar 
below. 





1 Basic functions for files and directories 





Basic functions for archives 


Basic Git functions 


Special functions for display, as well as for symlinks 





Advanced functions for special file types 





Aljoa;R]wWs]ry 


Other functions 





Figure 3: Depending on the situation, Worker asks which function you want to execute. 










ido you want to see the complete file (slower)? 


Read complete file 


The size of the file is 4.0 GiB. Shall | show only the first 2.0 MiB (faster) or 


If you choose to view only the first part of the file, you can still read more of it on demand. 
If text wrapping was enabled you can also choose to disable it which is much faster when reading large files. 
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result of Worker's long development history, sev- If you launch Worker in a terminal window, you 
eral outdated or atypical applications have creptin will see additional hints there if something unex- 
to this program list. pected happens — for example, if a function 
To find out which external programs are avail- doesn't work as expected. 
able, search the configuration files for the string: 
Basic Functions 
com = Worker was originally designed to handle files and 


directories in pretty much any way imaginable. 
Make sure to include a space before and after the = You will find the corresponding functions mainly 


equal sign. For example, Worker relies on Gimp in the button banks below the file panes. Worker 

and the ImageMagick tools for image editing; organizes the buttons in a grid, again grouping the 

McEdit, Xeditor, LyX, soffice, and others for text functions both by row and by column. 

editing; and Netscape for browsing. At least as useful as the buttons, the keyboard 
In some instances, you can make life easier for shortcuts, or shortkeys, provide quick access to 

yourself by resorting to xdg-utils [4] (XDG is a functions that are repeatedly used (see Table 3). 


specification developed by freedesktop.org — for- The ShortkeyList function in bank 4 gives you a 
merly the X Desktop Group — for interoperability complete list of defined shortkeys. Many of the 





between different desktop environments). XDG combinations used with Worker are based on Mid- 
commands such as xdg-open let you call the tools night Commander. 
already installed on your system that you have Important (i.e., frequently used) directories can 
preset for opening files of certain type. be saved as bookmarks. In addition, you can label 
selected entries. To create a bookmark, select the 
Table 3: Worker Shortkeys Access current directory with Alt+B or with the Bookmarks 
button. In the dialog that opens (Figure 4), you can 
Shortkey Function choose between previously defined bookmarks 
Tab Activate other list pane and change directly to the corresponding directory 


or add the current directory as a new entry. 
In addition to the directory bookmarks, you can 


Up arrow/Down arrow Go to previous/next entry 



































_Leftarrow ———————s Moveuponedirectorylevel use labels for files. You will find the label function 
Right arrow Enter current directory in the context menu when you right-click on an 
Home/End Activate first/last entry entry. You can manage labels with bookmarks. 
lng Toggle activity When you open bookmarks, you will also see the 

— labels. If you select a label, the program switches 
+ (number pad) Select everything in the current tab directly to the corresponding directory and high- 
- (number pad) Deselect everything in the current tab lights the labelled file. 
Enter Perform double-click action : 
F3 Show cumententy Filters and Patterns . 
: To speed up many tasks, you can filter book- 

Fa sEditcurrententry Ss marks and labels. Ctrl+D shows you only the en- 
F5 Copy selected entries tries with a label in the file list, providing a useful 
F6 Move selected entries overview even in large directories. If you call this 
F7 Create new directory : : oe Se ind 

; Figure 4: You can quickly access specific directories with 
F8 Delete selected entries bookmarks 
Shift+Alt+O Open current directory in opposite list pane 
ny ae ””~—“‘éié—ll 
Alt+V Start volume manager Faden! 
Alt+B Open/add bookmarks eee = al fe 
Alt+L Manage labels 
Alt+N Sort entries by name Directory bookmnatcs 
Alt+T Sort entries by modification times Aad mp te bookmarks: — 
Ctrl+D Show bookmark entries 
3 2 5 Add "/tmp" to bookmarks. 
Ctrl+S Activate name search in current list pane Make “config-err-YyGTzS" active when jumping to this bookmark. 
Ctrl+Space Open context menu 
Ctrl+1 Activate information mode 
Ctri+B Activate image display mode 
Ctrl+V Activate text display mode 
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Configure "set filter” 


set filter 
Choose to set or invert the selected options: { 1 Set settings 


| Change pattem based filters 


Filter action: 





Patter: [x 





[|| Change bookmark filter 


Bookmark filter: { i Show all entries 


Show bookmarks with label: 
|__| Query label on runtime 
Okay 








‘cancel 





Figure 5: Filters control what you see in a list. 


key combination again, Worker will display all the 
entries again. 

Worker offers several ways to control or limit 
the actual entries displayed in the list. To control 
how and what Worker displays in the list panes, 
you use filters and patterns. For example, you may 
not want to show all files in a directory, such as / 
etc/, which often contains several hundred files 
and subdirectories. You can also change the sort 
order of a column by clicking on the respective 
column header. 

Filters restrict what you see in a list. The Change 
filter button lets you define a sequence of charac- 
ters for file names (Figure 5). There are two variet- 
ies of filters: permanent and temporary. Change 
filter lets you create 
permanent filters, and 





Basic options \\ More options \ 


Enter the pattern the matching entries will be selected for: 
Want to handle directories instead of files? Enter "/" as first character! 








png 
Okay| Cancel| 


Figure 6: Patterns limit the files or directories displayed in 
the list. 


character string starts with an opening parenthe- 
sis, the program interprets everything up to the 
corresponding closing parenthesis as a logical ex- 
pression. In the documentation [3], expression 
matching shows how this is done and which argu- 
ments the software assigns to which keywords. 

Patterns are closely related to filters. They 
control the selection of files taking into account 
certain criteria. You can create patterns with the 
divide key on your keyboard's number pad. By 
default, you define file name patterns this way 
(Figure 6), but directories can also be displayed 
using patterns. In addition, you can apply sev- 
eral patterns in succession to select multiple 
types of file names. 

Worker recognizes file types based on the file’s 
content. Worker shows the file's MIME type [5] in 
the Type column. You can also use the MIME type 
for filtering and patterns [6]. 


Advanced Functions 

Worker supports searching for files and directo- 
ries in a sophisticated way. An extensive dialog 
shows the corresponding parameters (Figure 7). 
Worker saves the results to display them again 
later if needed. The results are saved until you ex- 


Search: /home/dd/Pictures/* 


Figure 7: The Search dialog 
is largely self-explanatory 


but comes with a number of 


special features. 








Find file sets tempo- Start drectory: [omeriaPaTes 


—_ 





























rary filters. File name: Use regular expression | Match full file name | Case sensitive 
The method Find file Match content: | | case sensitive 

is particularly sophisti- _| Follow symlinks _| Search content of archives too _| Same file system only Start new search - F5| 

cated. First, Worker _| Match directories too 

tries to find the entered _| tine number|File name] 

characters string ex- 

actly and incremen- 

tally. If this does not re- 

sult in a hit, a fuzzy 

search is performed, 

which allows random Change Uuectory teeny =a 5 PaRBeT RD 5 

characters in between View - F3 | Edit - Fa | Remove selected results from list | 

Previous results: 


the ones you entered. 





In fact, Worker's fil- 
ter functions go even 
further: Worker sup- 





ports the use of Bool- _| state: idle 
ean expressions. If a __Start search _| top| 


Locked| No. of results| File name| Content pattern Search started at | 
0 * 


/nome/dd/Pictures 


Clear store 


Close 
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User interface colors 
Bookmark/Label colors 
Font settings 
Mouse button configuration] 
settil 











Path configuration 


‘ile types 
Ignored directories 
iotkt 





eys 

ist view configuration 
Column configuration 
Owner column format 
Directory size settings 
Date/Time settings 
Initial directories 


Layout configuration 
Volume manager settings 
port 











F7 - New dir | F8 - DELETE 

















Symlink 












Tab profiles | Change time} Volume man 














HexEdit Copy++ Move++ | Ptm Rename 
None Patter selec| Start prog++ Full reload | Find History 
Toggle book Change Syml| _ CHOWN Path jump 

















Bank no.: 1/ 5 Next bank | ce, weehot ESehe Swap next | Swap prev | 





Action mode: }{ basic (action is used once) =| 


Copy button 





‘Swap button Delete button 





Cancel 





Figure 8: Worker's configu- 
ration options are extensive 


and affect both the ap 


pear- 


ance and the functionality 


of many elements. 


Figure 9: The volume man- 
ager controls access to 
additional filesystems. 


plicitly delete the old results using F5 or select 
Start new search. 

Worker follows the principle of refined search- 
ing, which means that you always search in the 
previous results until you find a perfect match. In 
addition to the Basic options displayed by default, 
More options offers further choices for narrowing 
down the results. 

By default, pressing the Enter key switches to 
the next input field but does not start the search. 
To start the search immediately, end the input in 
a field by pressing Ctrl+Enter. Worker shows the 
results in the corresponding field at the center of 
the window. You can apply many functions to the 
matches. For example, you can transfer the re- 
sults to lists or display them [7]. 


Configuration Files 

Worker stores its configuration files in the 
.worker folder in your home directory. At more 
than 200KB, these configuration files are large. 
You should only edit them manually if know 
what your changes will do. Direct editing is sim- 
ple and clear-cut if you are just replacing individ- 
ual commands, such as replacing the GView 
image viewer with Geeqie. Worker monitors the 





List of available volumes: 
Device | Mount point 





Volume manager 


Mount volume - m 
Unmount volume - u 
Eject-o 4 
Close tray -c 5 
Hide volume 5 
Update list 











configuration files and asks what to do when 
changes are made. 

There are several possibilities for making ad- 
justments in various places in a configuration file. 
If you click on the second small button on the left 
in the top status bar (just below the window's title- 
bar), Worker will display a summary of the config- 
uration (Figure 8). 


Volume Manager 

Another special feature in Worker, the volume 
manager, lets you integrate filesystems and 
supports both the obsolete hardware abstrac- 
tion layer (HAL) and UDisks for automatic 
mounting via D-Bus without leaving the file 
manager, for example. 

Clicking on the Volume manager button (or 
pressing Ctrl+V) opens the appropriate dialog 
(Figure 9). Double-clicking on one of the entries 
mounts the corresponding device. Beware, the 
volume manager can lead to conflicts with the au- 
tomatic systems often used today. 


Conclusions 

Granted, Worker doesn’t offer a pretty interface. 
However, more than 20 years of development 
have resulted in an extremely powerful, func- 
tional, and effective tool. Developed directly from 
hands-on experience, Worker's features have 
proven track records. If you can overlook Work- 
er’s occasional idiosyncrasies, you will find 
Worker to be a useful and basically simple tool 
that leaves few wishes unfulfilled. Plus, Worker's 
useful documentation will help you quickly find 
your way around. sme 


[1] Worker: http://www.boomerangsworld.de/ 
cms/worker 





[2] 


Source code: http://www.boomerangsworld. 
de/cms/worker/download.html 


Functions: http://www.boomerangsworld.de/ 
cms/worker/documentation/features/filter- 
ing.html#h-1-2-2 

xdg-utils: https://www.freedesktop. org/wiki/ 
Software/xdg-utils/ 

MIME types: 

https://en. wikipedia.org/wiki/Media_type 
File types: http://www.boomerangsworld.de/ 
cms/worker/documentation/features/ 
filetypes.html 

Search function: http://www. 
boomerangsworld.de/cms/worker/ 
documentation/features/filesearch.html 


[3] 


[4] 
[5] 
[6] 


[7] 


AGAZINE.COM | LINUXPROMAGAZINE.COM 


Jaleo) om ilalep.daleyinalseltemeelan 


Want to subscribe? 


Searching for that back issue you really wish you’d picked up at 
the newsstand? 


Discover the past and invest in a new year of IT 
solutions at Linux New Media’s online store. 





> shop.linuxnewmedia.com << 


DIGITAL & PRINT SUBSCRIPTIONS 


imgp: Batch editing /."°° 
for image files - 


Locked Down! 


New tools for tighter — 


r 
rr i i urity, x bili ~ ir 
if ~ {i 
pet 
Independence from your clobd provider y) < Hh : ee 
- pr. ’ 
werG° > 0, 4a € 
yemént = A 
Flexible working ‘ , ae 
environments with RDS 4 > ~~ 
A lightweight client for the Automate complex IT 
ACW astr ops K8s j 
} embroidery ai 
j 
t 


utw: xxide firewall one 













2020 Edition 


THE COMPLETE ARCHIVE 9 i) U X 


yar 
Pe = 2.000 pages of maker projects and mor 7 ay 
SS qe | 


Maker’ aCe 


YOUR LINUX SKILLS a ; — MORE SECURE » MORE FUN 
ae ue COOL 

; Pipe od edect output ; fu NT IX - 
eesti HACKS 


Tricks and shortcuts 
for Linux geeks 


f . 

; | 

= Recover deleted docs ' > : 

INU NEW MAEDA, ‘ . / 
WWW. LINUX PROMAGAZINE.COM 


UP A LINUX SYSTEM TO: 





y Games © Process 
b o and Much More! 


= Send files without a \ 

target IP 0 im 
= View a handy cheat 

sheet for your favorite 

commands 


LINUX, 


WwW LINUX-MAGAZINE. COM 


AO.Oe les CLAPPER AND GTK4 





Desktop design with GTK4 


Nate ee -Novareyal 





The Clapper media player showcases new desktop design features in GTK4. 
BY CHRISTOPH LANGNER 
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ree software desktops such as Gnome and 
F KDE are built on top of toolkits that provide 

support for the graphic elements. Gnome 
is built on the GTK toolkit. GTK is an important 
component of many GUI-based Linux systems, 
and a new release of GTK eventually has implica- 
tions for all Linux users working in Gnome and 
other GTK-based desktop systems. 

GTK4 [1] was released at the end of 2020, and 
components that rely on GTK4 have quickly fol- 
lowed, starting with Gnome 40 in March 2021. Re- 
cent distributions such as Fedora 34 [2] and Arch 
Linux already include Gnome 40. Other distribu- 
tions such as Ubuntu 21.04 [3] include the GTK4 li- 
braries in their package sources but don't use the 
GTK4-based desktop yet. 

In practice, however, GTK4’s influence in 
these distributions is still not very noticeable. 
For example, the Gnome desktop’s extensions 
app does not look noticeably different, even 
though it has now been ported to GTK4: It uses 
the usual widgets, such as buttons, search 
fields, and fold-out dialogs. If you look at the 
Widget Factory (see the “Widget Factory” box), a 
test program that organizes all common wid- 
gets in a window, you probably won't notice any 
outstanding innovations at first glance. How- 
ever, if you take a look at the animated GTK 
cube video on the main Widget Factory page, 
you can see one of the biggest changes be- 
tween GTK3 and GTK4. Mousing over the video 


Widget Factory 


To import the Widget Factory under Ubuntu 
21.04 or Debian Experimental, use the gtk- 
3-examples and gtk-4-examples packages, re- 
spectively. (For Arch Linux, you'll find the ex- 
ample widgets in the gtk3-demos and gtk4- 
demos packages). 

Once you've installed the packages for your 
distribution, you can call the programs using 
the gtk3-widget-factory and gtk4-wid- 
get-factory commands. 





reveals the typical pause and start playback 
media player buttons. This cube video demon- 
strates that you now can put graphics or other 
media elements in the background of almost all 
window elements [4]. 

As a means of exploring some of the new fea- 
tures in GTK4, this article examines the new Clap- 
per [5] media player, a Gnome desktop tool built 
using the GTK4 toolkit. 


Clapper 

The Clapper media player was built using GTK4, 
so it shows how some of the new GTK4 features 
work in practice. At first glance, Clapper reminds 
you of Gnome Video Player, but you will notice 
that the classic window bar located at the top of 
the application window is missing (in fact, this 
hasn't existed in Gnome for some time). GTK4 has 
pushed the envelope a bit further: The video 
image covers almost the entire window area, with 
only the control bar at the bottom remaining per- 
manently visible. The menus can be reached via 
partially transparent buttons at the top of the win- 
dow (Figure 1). Clapper only shows the buttons 
when you mouse over the window. 

Clapper has three modes: windowed, full- 
screen, and floating. The default, windowed mode 
shows the progress bar and window controls. In 
windowed mode, Clapper is visible on every virtual 


Pm 02:15/07:44 





Figure 1: Clapper reduces the space required by the 
playback controls to the bare minimum. 
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Listing 1: Installation on Ubuntu 


sudo apt install curl 


echo 'deb http: //download.opensuse.org/repositories/home: /Rafostar/Debian_Unstable/ /' | 


sudo tee /etc/apt/sources.list.d/home:Rafostar. list 


curl -fsSL https: //download. opensuse. org/repositories/home:Rafostar/Debian_Unstable/Release.key | 


gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home_Rafostar.gpg > /dev/null 


sudo apt update 


sudo apt install clapper 





Figure 2: Clapper in floating mode with the controls hidden. 


desktop on Gnome and will automatically slide 
from desktop to desktop, remaining in the fore- 
ground even when another application is active. In 
full-screen mode, you can select to hide the prog- 
ress bar and playback controls. In floating mode 
(Figure 2), Clapper hides the controls and floats 
the window on top of other applications; the appli- 
cation window will automatically slide to the cur- 
rently active desktop in this mode. 

Due to its early stage of development, Clapper is 
not yet available in the package sources of the pop- 
ular distributions. However, you can find a Flatpak 
on Clapper’s GitHub page [5] that you can install 
across distributions. Alternatively, the developers 
provide packages and package sources for Debian, 


Fedora, and openSUSE [6]. You can also install the 
DEB package on Ubuntu 21.04 (Listing 1). 


Eye Candy for Gnome 

Other application developers are also increasingly 
adopting the possibilities offered by GTK4. For ex- 
ample, the radio receiver Shortwave [7] offers a pro- 
gram display area that adapts fluidly depending on 
the display width or desktop window size. All of this 
is proof of Gnome's continuous development to- 
wards optimizing itself and the various Gnome ap- 
plications for use on smartphones or tablets. sas 


[1] GTK4: 
https://blog.gtk.org/2020/12/16/gtk-4-0 

[2] Fedora 34: https://getfedora.org/en/ 
workstation/download/ 

{3} Ubuntu 21.04: 
https://releases.ubuntu.com/21.04/ 

[4] Media in GTK4: https://blog.gtk.org/2020/05/ 
20/media-in-gtk-4 

[5] Clapper: https://github.com/Rafostar/clapper 

[6] Download Clapper: https://software. 
opensuse.org//download.html? 
project=home%3ARafostar&package=clapper 

[7] Shortwave: 
https://gitlab.gnome.org/World/Shortwave 
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Behind G'MIC’s deceptively simple interface hides a mighty image processing 
framework. While mastering G’MIC can be a rather daunting proposition, here's 
how to get started. 
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[1] offers a seemingly limitless library of 

simple and advanced filters you can apply 
to images. Filter, in this case, is a bit of a misno- 
mer. Filters are usually associated with presets 
that modify an image's overall appearance, and 
normally they don't offer much in terms of cus- 
tomization. G’MIC filters couldn't be more differ- 
ent. Think of G’MIC filters as actual tools that are 
designed to perform specific image manipulation 
tasks. Each tool offers a number of configurable 
options that allow you to achieve the optimal re- 
sult. More important, unlike traditional filters, 
G’MIC tools can be used not only to change the 
overall look of an image but also to perform a mul- 
titude of other tasks, from making basic adjust- 
ments (brightness, contrast, saturation) to denois- 
ing and applying custom CLUT presets. 

Objectively, not all of the G’MIC filters are 

equally useful, but as a photographer or a digital 
artist, you will likely find plenty of powerful filters 
in G'MIC’s library worth adding to your image pro- 
cessing and manipulation toolbox. In this article, 
I'll show you how to put G’MIC to practical use. 


G REYC Magic for Image Computing (G’MIC) 


Installation and First Steps 

Although G’MIC is available as a command-line 
tool and a web service, you will most likely want to 
use it as a regular graphical application. You'll find 
the G’MIC plugin for Gimp and Krita in the official 
repositories of many mainstream Linux distribu- 
tions. To plug G’MIC into Gimp on Ubuntu, run the 
command: 


sudo apt install gmic-gimp 

Doing the same on openSUSE is equally simple: 
sudo zypper in gimp-plugin-gmic 

If you happen to use digiKam, you'll be pleased to 


learn that the latest version of digikam comes 
with G’MIC. However, keep in mind that not all 
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G’MIC tools work in digikam. Since digikam 
doesn't support layers and masks, the G’MIC tools 
that require this functionality won't work. 

The G'MIC plugins and the digikKam version 
have the same easy-to-use graphical interface. 
The interface (Figure 1) is split into three parts: the 
preview pane to the left, the list of all available 
tools in the middle, and the options section to the 
right. G’MIC offers more than 500 filters that are 
grouped into categories by their functionality, 
making it easier to explore the library and find the 
tool you need. In addition, you can use the Search 
field to search for a specific tool by name. For 
faster access to frequently-used tools, use the 
Fave button to add them to the Faves menu. 


Exploring G’MIC 

Many G’MIC tools come from external contribu- 
tors. The sheer number and variety of contribu- 
tions is a testament to G’MIC’s power and flexibil- 
ity. However, many tools provide no documenta- 
tion to help you to figure out what certain options 
do. It's not a big issue for simple tools such as 
Basic Adjustments, especially if you are familiar 
with image editing fundamentals. But to master 
more advanced tools, prepare to do some experi- 
menting. The good news is that nothing is applied 
to the currently opened image until you hit the OK 
button. And even then, you should be able to undo 
the applied modifications in the host application. 
When working with G’MIC, keep in mind that the 
preview doesn't always provide an accurate repre- 
sentation of the applied filter. So it's better to treat 
the preview as a rough approximation rather than 
a pixel-perfect rendering. 

Before you start exploring G’MIC’s advanced 
functionality, it makes sense to start with simple 
tools that have only a few adjustable parameters, 
such as Colors | Color Balance and Colors | Basic 
Adjustments. Color Balance provides a quick and 
simple way to adjust white balance by selecting 
the neutral color, while Basic Adjustments lets you 
adjust brightness, contrast, and saturation. Some 
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G'MIC tools have overlapping functionality. The 
Colors | Auto Balance tool, for example, is very 
similar to Colors | Color Balance, but it has more 
adjustable parameters. In other words, G’MIC 
often offers several paths to achieving the desired 
result. More important, the basic tools in G’MIC 
don't merely replicate the functionality available in 
host applications such as Gimp and digiKam. In- 
stead these tools nicely complement an applica- 
tion's existing features. 

It would be impossible to describe everything 
G’MIC has to offer, so let’s focus on a couple of 
tools that most users will likely find handy. If you 
are looking for a quick and easy way to liven up 
your photos, you will appreciate a comprehensive 
library of ready-made 
filters tucked under 
Colors | Simulate Film 
(Figure 2). Here, you 
will find plenty of ef- 
fects to play with, from 
Black & White for emu- 
lating a wide range of 
classic black-and-white 
films to Instant [Con- 
sumer] for mimicking 
iconic Polaroid instant 
films. You can apply 
each filter as it is, or 
you can adjust the 
available parameters 
first. For example, if the 
filter is too strong for 
your taste, you can re- 
duce its strength using 
the appropriate slider. 

If you have your own 
presets in the Hald 
CLUT format, you can 
apply them to the cur- 
rently opened image 
with Colors | Apply Ex- 
ternal CLUT. If you don't 
have Hald CLUT files, 
G’MIC comes witha 
tool that allows you to 
generate Hald CLUT 
files from existing edits 
(Figure 3). To use this 
tool in Gimp, open the 
source image in Gimp 
and create a new layer 
by choosing Layers | 
New from Visible. You 
should see the new 
layer called Visible in 
the Layers pane. Make 
sure that this layer is 
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on top and selected, Figure 2: G'MIC offers plenty of high-quality presets to choose from. 


and then apply the desired color adjustments. 
Choose Filters | G’MIC-Qt, and then switch to the 
Colors | CLUT from After-Before Layers tool. Select 
All visible from the Input layers drop-down list and 
New image from Output mode. You should see a 
Hald CLUT table in the preview pane. Press OK to 
generate a Hald CLUT file, save the file in PNG for- 
mat, and you are done. Now you can apply the 
freshly-baked Hald CLUT file to a photo using Col- 
ors | Apply External CLUT. 

Both digikam and Gimp offer simple tools for 
removing unwanted objects from images. But 
though they can help you to remove dust particles 
and blemishes, these tools fall short when it 
comes to removing large and complex objects. 
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Enter the G’MIC Inpaint tool (Figure 4), which lets 
you make objects disappear without too much ef- 
fort. The way it works is rather straightforward: 
Use a certain color to mask the unwanted object, 
and then let Inpaint do its job. 

In Gimp, this requires a few simple steps. Open 
the desired image and set the background color to 
red (the HTML notation value should be ff0000). 
Use the Lasso tool to make a rough selection 
around the object you want to remove. Choose Edit 
| Fill with BG Color to fill the selection with the red 
color, and then choose Select | None to remove the 
selection. Open G’MIC by choosing Filters | G'MIC- 
Qt and select the Repair | Inpaint [Multi-Scale] tool. 
Specify the red color that matches the color you 


dur CLUT from After - Before Layers 


available filters (569) 
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Ocancel 
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Figure 4: Removing those pesky humans is easy with the Inpaint tool. 
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Je 18st output (default) 


used for the mask in the Mask Color input field, and 
watch the masked object magically disappear in 
the preview window. G’MIC offers several Inpaint 
variants based on different algorithms. So if Inpaint 
[Multi-Scale] doesn't do a good job of removing the 
selected object, you can try other versions of the 
tool. And, of course, you can tweak the available pa- 
rameters to achieve a better result. 

Speaking of masks, G’MIC comes with a mask- 
ing tool that makes it possible to quickly add 
masks based ona specific color. This tool can 
come in useful if you need to make adjustments 
to a specific area of an image, such as making 
the sky in the image brighter, desaturating a 
bright red car, or replacing one color with another 
one. To create a mask 
in Gimp, choose Filters 
. | G’MIC-Qt, switch to 
Replace Layer with CLUT : the Colors | Color Mask 
ot ; [Interactive] tool, and 
press Apply (Figure 5). 
This opens a separate 
window where you can 
use the mouse to se- 
lect the desired color. 
Mouse over the area 
you want to mask and 
right-click on it. To se- 
lect a larger area, press 
and hold the right 
mouse button and drag 
the pointer across the 
area you want to se- 
lect. Keep pointing and 
clicking until you've se- 
lected the entire area. If 
you accidentally select 
an area that shouldn't 
be included in the 
mask, point to it and 
left-click to remove it 
from the mask. Use the 
R key to reset the mask 
completely. Some- 
times it can be difficult 
to see the mask’s exact 
boundaries; you can 
use the Space or Tab 
key to switch between 
different viewing 
modes to give you a 
better preview of the 
current selection. 
When you are finished, 
close the preview win- 
dow, and you should 
see a new layer with 
the mask in the Layers 
pane of Gimp. 


@ fullscreen BB Apply 


S fullscreen 3 Apply Dox 


G'MIC BEL aelles 








Figure 5: Creating a mask with the Color Mask tool. 


It's Complicated 
Because G’MIC does a good job of hiding the 
complexities of image manipulation behind a sim- 
ple interface, it's easy to forget the serious science 
happening in the background. Take, for example, 
the Details | Sharpen [Deblur] tool. It's based on the 
Jansson Van-Cittert deconvolution algorithm, and 
it's mostly used for recovering blurry images in mi- 
croscopy and astronomy. The available parame- 
ters allow you to control how the algorithm is ap- 
plied. The Radius parameter specifies a standard 
deviation of the Gaussian kernel that is supposed 
to model the image's blur degradation. In practical 
terms, you would use a high radius for very blurry 
images and a small radius when the blur is low. 
The Jansson Van-Cittert algorithm is iterative, 
meaning it starts with a blurry image and con- 
verges toward the deconvoluted image through 
multiple iterations. The /terations parameter al- 
lows you to specify the desired number of itera- 
tions. The blurrier the source image is, the more it- 
erations are required to make it sharper. The Time 
Step parameter controls the maximum intensity 
variation (in R,G,B) between two consecutive itera- 
tions. Assuming an image has RGB values in 
range [0,255], the default value 20 specifies that 
the pixels cannot vary more than + or -20 in value 
between two iterations. To avoid sharpening the 
noise, you can use the Smoothness parameter to 
specify the weight of the regularization term. The 
noisier the image, the higher smoothness value 
you need. 

Of course, you don't need to know the underly- 
ing theory in order to use this and other tools. 
Tweaking the available parameters and preview- 


ing the result is often the best way to learn how a 
specific tool works and what it can do for you. But 
uncovering the theory behind certain tools pro- 
vides a fascinating insight into the science of 
image manipulation. As already mentioned, find- 
ing information about specific tools can be a bit of 
a challenge, but asking your questions on PIXLS. 
US [2] is a good place to start. 


Wrap-Up 

Whether you are looking for high-quality presets 
you can quickly apply to your photos or you are in- 
terested in more advanced image processing 
tools, G’MIC delivers. In addition to a simple 
graphical interface, G'MIC also offers a command- 
line interface, which means that you can auto- 
mate image editing actions and create rather ad- 
vanced image processing scripts. In short, G’MIC 
makes a perfect addition to your image process- 
ing toolbox. sam 


[1] G’MIC: https://gmic.eu/ 


[2] PXLS.US: 
https://discuss.pixls.us/c/software/gmic/10 
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Sparkling gems and new 
releases from the world of 
Free and Open Source Software 


Graham's ancient LG phone finally gave up on booting this month. 
Everything was backed up except what was originally $25 of Bitcoin 





a intended to buy a pizza ... five years ago. BY GRAHAM MORRISON 
Modular music maker that follows hot on the squeals of | even the ancient Bars & Pipes sequencer for the Commo- 
the similar and equally remark- dore Amiga. Even if you have no interest in audio, you will 
B es po ke able VCV Rack. While VCV Rackis — want to play with it. 
being used to primarily emulate The heart of a modular synth is its modules. These are 
real and fictional Eurorack hard- the parts that need to be wired together to generate a 
t's amazing just how many ware, complete with virtual patch — sound, and this is where Bespoke really excels. Many mod- 
| incredible audio-related open __ cables that sink with gravity and ules are included, split into categories such as instruments, 
source projects keep appear- = skeuomorphic controls that need synths, note effects, plugins, modulators, and audio effects. 
ing. There seem to be more re- to be twiddled from a mouse, Be- Every module has a beautifully designed UI with a “1970s 
leases in this software category spoke is focused on good user in- disco meets vector display” aesthetic that forces you to play 
than any other, indicating the terface (Ul) design. It doesn't bear —_ witht. There's a polyrhythmic sequencer called circlese- 
popularity of synths and music any resemblance to physical quencer that consists of four concentric and rainbow-col- 
production. One of the best of hardware or other audio projects, — ored circles, and notes are played when the hand of a dial 
these new releases, Bespoke is a other than the unique touch- crosses their step point. The grids of the matrix note and 
super high-quality modular synth screen table and physical control- — drum editors could be from Tron, and the envelopes in the 
and music-making environment lers of Reactable and perhaps FM modules look like green CRT oscilloscopes. When a 


module offers multiple parameters, these are easily edited 
directly with text entry or by using sliders and buttons just 
like in any well-designed UI and not like a copy of a physical 
hardware unit transposed onto a screen. You can still drag 
connections between modules, but you can also drag mod- 
ules together to create a default configuration, and there are 
keyboard shortcuts for everything. All of this is built on a zo- 
omable and scrollable canvas that never taxes your GPU. 
The most impressive graphical element becomes visible 
when you begin to connect modules together. Much like con- 
nections in the aforementioned Reactable, virtual wires 
stretch between inputs and outputs and animate to show 
what's been carried across them. If you start with a simple 
signal generator, set this to produce a sawtooth waveform, 
and connect this to a gain module to control its amplitude, 
the virtual cable will wobble to illustrate the shape of the 
audio waveform going through the cable. More than just eye 
candy, it's an excellent way to quickly see what is happening 
where and the effect that certain modules are having on the 
audio or data streams. The background of the canvas will 
also animate to display an oscilloscope representation of the 
output, and it can all be turned off if you don't like the distrac- 
1. Modules: Choose a module from a category and wire them together in the canvas. 2. tion. Needless to say, it sounds just as good as it looks. Plus, 
Settings: With direct output to ALSA, Bespoke works at a low latency and displays both there's a brilliant features matrix on the website that shows 
audio and GPU overhead. 3. Sync and scale: Bespoke will talk to other apps and devices, the difference in features between the free version, the plus 
and pitch can be locked to a specific scale and tuning. 4. Help: Most Ulelements contain ——_ version, and the pro version — the only difference being the 
excellent rollover help text, including the scripts and esoteric modules. 5. Matrix editor: fewer dollars in your pocket if you choose to make a financial 
Bespoke can do more than just create sounds; it can sequence and record them, too. 6. contribution, which is definitely a worthwhile thing to do. 
Waveforms: The canvas background, audio connections, and data connections all wobble 
to help illustrate their data in real time. 7. Effects chain: Use VST plugins alongside the Project Website 
native modules. 8. Output: There are several modules for monitoring levels. https://www.bespokesynth.com 
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Android emulation 


Waydroid 


ne of the most interesting projects of 
O the past few years is Anbox, a bril- 

liant compatibility layer that does for 
Android what Wine does for Windows. It al- 
lows you to run an Android-based operating 
system and many of its associated apps 
from a traditional Linux distribution and, 
more recently, commercially served from the 
cloud. There are plenty of ways this could be 
useful, from running Android applications 
that don't have a Linux counterpart to testing 
your Android applications on a dozen differ- 
ent virtual configurations. But it hasn't been 
so useful running Android from a phone, 
mostly because it lacks decent ARM-specific 
acceleration. 

Running Android within a container on a 
phone might seem an odd requirement be- 
cause the phone may be running Android 
anyway. But this isn’t the case if you're run- 
ning one of the current generation of Linux 
smartphones, such as a PinePhone, with a 
native Linux operating system such as 


Ubuntu Touch, postmarketOS, and Manjaro 
(with either Gnome or KDE Plasma). These 
installations are running native Linux pack- 
ages built just like their desktop counter- 
parts, and that means they also miss out on 
running Android apps, despite being built on 
the same architecture. 

This is where Waydroid helps. Waydroid 
uses Wayland alongside native non-virtual- 
ization Linux subsystems to implement an 
effective low-resource container for hosting 
Android. By default, it will instantiate a copy 
of LineageOS built on Android 10 with almost 
native-like performance. Even on a relatively 
low-powered device such as the PinePhone, 
we were able to install the minimal set of 
Google Apps and access the Play Store, but 
it's even easier to just add F-Droid. The result 
is that Android apps will run within a native 
Linux install on a smartphone. While it’s still 
rough at the edges and very early in its devel- 
opment phase, Waydroid is a compelling 
glimpse at the best of both worlds. 





Video editor 


OpenShot 





Waydroid will also run on x86 hardware. 
Howeveras it will only run x86-compiled 
Android derivatives, it's less useful than 
its ARM counterpart. 


Project Website 
http://waydro.id 





eve not looked at Open- 
Shot for some time. 
During that time, the 


state of video editing on Linux has 
improved massively. Linux video 
editing is now at the point where 
we've noticed many YouTubers 
using open source editors over 
their proprietary alternatives, much 
as they choose to use Audacity or 
Blender. Kdenlive has become a 
stable, powerful, and accelerated 
alternative to the costly Final Cut 
Pro on macOS, and it appears 
OpenShot is fast catching up. 
OpenShot adds the kind of features 
that take it beyond functional video 
editing and into creative territory. 
There's a host of new video and 
audio effects, including, for exam- 
ple, motion tracking, object detec- 
tion, and video stabilization. The 
last one is reportedly one of the 


most requested features ever, and 
it's great to see what was not so 
long ago a cutting edge set of fea- 
tures making it into an open source 
application. Both the motion track- 
ing and object detection are equally 
impressive, letting you identify ob- 
jects within your footage that can 
then be tracked and processed in 
various ways, such as identifying 
all cars ina scene and adding la- 
bels to them automatically. 

The new audio effects perform 
an equally essential role. There's a 
compressor to lessen the differ- 
ence between quiet audio and loud 
audio, an expander to amplify quiet 
audio without clipping, a parametric 
equalizer for filtering out parts of 
the audio such as hum, and various 
creative effects such as distortion, 
delay, and “robotization.” All of 
these additions make use of the 


Project Website 
https://www.openshot.org 





Nearly 1,000 emojis have been added to OpenShot to encourage 
learning and experimentation when editing and creating videos. 


improved performance. You'll need a package source other 
than the Applmage to take advantage of the almost essential 
hardware acceleration. For simple editing, however, Open- 
Shot will still work on almost anything; the editor itself has 
plenty of small refinements such as improved zoom and 
transformations and much more intuitive clip snapping, plus 
most other video effects have been given an overhaul. If 
you've not tried it since we last took a look, it's definitely time 
to give OpenShot another go. 
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Security tool 


PAM Duress 


few years ago, | was doing 
quite a bit of traveling be- 
tween the US and Europe 


with my usual array of technology. 
| was worried about what | should 
do if | was forced to unlock a de- 
vice and either hand that device 
over or permit the device to be 
searched. While | wasn't involved 
in anything that might be consid- 
ered investigative journalism, | did 
want to set a good example and 
behave appropriately if anything 
like this happened. One impracti- 
cal solution | envisaged was let- 
ting someone else encrypt my de- 
vices, so | could honestly say | 
didn't know how to unlock them 
(with the intention of asking that 
trusted someone for the keys 
when | arrived safely). Another 
more practical option was to 
take devices completely empty 


of anything, setting them up and 
erasing them as | arrived and de- 
parted again. Of course, | was 
never organized enough to do ei- 
ther of these things. 

If PAM Duress had been around, 
| would have gone for this solution. 
The pluggable authentication 
module (PAM) system is at the 
heart of granting access to your 
Linux devices, and PAM Duress is 
amodule that can trigger scripted 
behavior when you enter a pass- 
word that's different from the one 
you'd normally use to unlock your 
data and device. These duress 
scripts can delete all your data, au- 
tomatically send a notification to 
someone, or do whatever other 
function you desire. Installation is 
relatively straightforward and simi- 
lar to any other PAM module. The 
scripts that are executed when a 





Usage monitor 


gotop 


ver the years, we've 
looked at a lot of activity 
monitors. There are now 


so many that they’ve become 
difficult to write about with any 
originality. It must have become 
a Linux developer's rite of pas- 
sage to create a tool that shows 
which processes are taking up 
CPU time and hogging all the 
system memory. But gotop is 
worth writing about because it 
takes the best parts of some of 
our favorite monitoring tools and 
combines them into an easy-to- 
install, cross-platform, and CPU- 
efficient single executable. There 
are precompiled binaries for 
many ARM variants, including ex- 
ecutables that will simply run on 
a Raspberry Pi, x86 Linux, 
macOS, and even Windows. 
Each version runs identically, 
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with a few exceptions. There's an 
option to monitor NVidia graph- 
ics hardware, for example, and 
power monitoring is also depen- 
dent on your hardware. Apart 
from that, every platform can 
take advantage of all the same 
features, which is a good thing 
because there are quite a few. 
One of the best things about 
gotop is that it's clean and perfor- 
mant by default, especially com- 
pared to something such as htop, 
which can clutter your terminal 
and your CPU (buts still a great 
tool). With no further modifica- 
tion, gotop will graph the use of 
each CPU core across the top; 
disk usage, temperature, and 
memory usage through the mid- 
dle; and networking throughput 
and process management below. 
All of this can be configured and 





It's difficult to show PAM Duress in action, but it’s easily enabled by 
simply editing your PAM configuration (after making a backup of 
your system). 


certain password is entered are signed and cannot be tam- 
pered with, although there is a testing function that can en- 
sure the module is working correctly before deleting your 
data (for example). Everything works as expected. This may 
be a project with a very specific objective. If it appeals to you, 
PAM Duress performs a brilliant and essential function. 


Project Website 
https://github.com/nuvious/pam-duress 








Thanks to popey (Alan 
Pope) and the now- saved as a preset, including 
defunct Ubuntu Podcast += themes, styles, widgets, update 


for this find in one of 
their final episodes. 


frequency, and some options on 
how the values are calculated. It's 
even possible to monitor the state 
of remote servers. It's incredibly 
configurable for a tool with such a 
small system footprint, and that’s 
what makes gotop such a good 
find. It’s the best of all possible 
worlds without any compromise. 


Project Website 
https://github.com/xxxserxxx/gotop 
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HTML processor 


htmlq 


f you've ever done any devel- 
opment by working on your 


own scripts or hacking ona 
website, you will have encoun- 
tered JSON. JSON is a text nota- 
tion format for sending, retriev- 
ing, and storing data, and it uses 
a specific JavaScript-like syntax 
of curly brackets and square 
brackets, double quotes and 
commas to contain that data. 
These elements are used to de- 
scribe key and value pairs 
("name":"graham", for instance), 
arrays, and hierarchy. YAML files 
aren't difficult to comprehend, 
and many programming lan- 
guages will provide libraries to 
help parse the data transparently, 
but they can be difficult when 
you want to create a simple 
script or use them from the com- 
mand line because you need to 


find a way of navigating their hi- 
erarchical bracketed syntax. This 
is where the venerable jq com- 
mand can help. It's acommand 
that parses all of JSON’s magical 
syntax for you, making it easy to 
access the actual data held 
within its confines. At its sim- 
plest, you can ask for the values 
assigned to names, but it’s ad- 
vanced features enable you to 
process JSON files in the same 
way sed processes text files. But 
what about working with HTML 
files directly? 

htmlq is a tool that does just 
that, and it’s why htmlg has aq in 
its name. It's acommand that 
wants to do the same for HTML 
files that jq does for JSON. If you 
grab the HTML for a web page 
with cur1, for example, you face 
the same problems retrieving 





Scripted audio effects 


pedalboard 


he Spotify music stream- 
ing service has become 
hugely successful. And like 


many other Internet behemoths, it's 
success is partly built on open 
source. The quality of the Ogg Vor- 
bis audio codec and container has 
helped Spotify differentiate itself 
from the other streaming services, 
for example. While Spotify doesn't 
use the open source version of Qt, 
its adoption would have helped 
fund the Free version. It's also pub- 
ished a number of open source 
projects of its own, with pedal- 
board being its latest. Pedalboard 
is an audio effects library for Py- 
thon, which may sound overly tech- 
nical for most people, but it really 
does have genuine utility for most 
of us. If you've used the Audacity 
audio editor, for example, you'll be 
used to the idea of processing your 





audio with audio effects one at a 
time. Pedalboard allows you to do 
this in real time, with whatever ef- 
fects you choose, and even in- 
cludes some of its own — all tied to- 
gether with a little Python. 
Pedalboard includes several 
“bread-and-butter” effects to help 
with general audio issues. These 
include convolution (an effect that 
imbibes the acoustics of a real or 
digital space from an impulse), a 
compressor, chorus, distortion, 
gain, filters, limiter, phaser, and re- 
verb. These are all of a very high 
quality, and despite being only 
useful to Python programmers, 
the documentation makes them 
accessible to anyone with only a 
smattering of Python experience. 
But the best feature is one that 
would previously only be feasible 
for experienced programmers: 





htmlq takes the pain out of parsing HTML brackets and extracting 
content such as links. 


exact values without complicated multiple uses of grep. 
Piping the output through htmlq instead lets you quickly 
retrieve page attributes, the raw main body of text, or spe- 
cific sections or parts by identifier. It's a brilliant way to 
scrape data from websites that don't provide (or allow) 
their own REST API access, such as sites listing train 
timetables or ultra-local weather reports. It’s the quickest 
way we've found to extract URLs from an external page, 
either for testing or for further scraping. 


Project Website 
https://github.com/mgdm/htmlq 
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Even Python beginners can access cutting-edge audio effects with 
Spotify's pedalboard. 


adding external effects. Pedalboard can use VST3 plugins 
alongside its own, and they can be used in your code just as 
easily as the native plugins. There's nothing else quite like 
this, with the closest alternatives being perhaps SuperCol- 
lider or Pure Data, but neither have the convenience and 
ubiquity of Python. 


Project Website 
https://github.com/spotify/pedalboard 
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Modern editor 


Onivim 2 


he Vim text editor doesn't 
normally need much of 
an introduction. It’s the 


yin to the Emacs yang, the 
source of many “How do | quit?” 
posts, and the fuel for many a 
late night best-editor argument. 
It's a terminal text editor driven 
by infamously opaque keyboard 
commands that need to be com- 
mitted to memory and normal, 
visual, insert, and select operat- 
ing modes that can totally con- 
fuse a generation brought up on 
Microsoft Word. But it is also 
ubiquitous, powerful, mature, 
and ultimately wedded to the 
command line. There have been 
many attempts to bring its 
uniqueness to the desktop, but 
most of us would rather simply 
open a terminal and edit our files 
from there. If we need to make a 
graphical editor more Vim-like, 
there's usually an option to 
switch its keybindings to those 
of Vim. Editors such as Plasma's 
Kate and Microsoft's Visual Stu- 
dio Code take this further with pl- 
ugins that can even ape the 
command and editing modes, 
alongside all the muscle memory 
shortcuts and keyboard com- 
mands. 





Onivim 2 is a new graphical edi- 
tor that, even in its alpha state, is 
already one of the most success- 
ful desktop editors we've seen at 
supplanting Vim's workflow from 
the command line to a modern 
desktop environment. Like Vim, 
it's modal, which means you can 
edit text not just interactively (as 
you would with a normal desktop 
editor) but also by issuing com- 
mands that typically consist of a 
verb followed by a motion, such 
as d$ to delete to the end of a sen- 
tence. This is exactly the same as 
how Vim works. But it isn’t just 
Vim that Onivim 2 is hoping to re- 
place: It’s attempting to bring the 
best of editors such as TextMate, 
Sublime Text, and Visual Studio 
Code editor to a single high-per- 
formance application. Despite 
being completely independent of 
these projects, the editing experi- 
ence is already fairly comprehen- 
sive. It features syntax highlight- 
ing, fuzzy search across a project, 
snippets, and a command palette, 
all packaged within an amazing 
cross-platform application shell 
that isn’t using Electron. 

The project has an interesting 
licensing policy, which also 
makes it difficult to get hold of 


While many editors feature a Vim mode, Onivim 2 makes this its central function 
and inspiration. 
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The only way to currently test Onivim 2 is to build it yourself. It 
requires 15GB of space and an hour or two, but it is straightforward 
thanks to a well-documented Docker recipe. 


the application in its alpha state 
without contributing. The project is 
a commercial endeavor, currently 
funded by Patreon supporters, but 
ultimately, paid-for license keys. 
The code is initially released under 
a non-free license, allowing only for 
non-commercial and educational 
use without a commercial license, 
and it takes a long time to build (we 
built the code manually). But due to 
the positive support the project has 
received from the open source 
communities, Onivim 2 now has a 
dual-licensing agreement. Eighteen 
months after a commit has landed 
in its code repository, it will become 
additionally licensed under MIT, 
which is when we'll all be free to 
make and distribute our own 
builds. This isn’t a perfect solution, 
and it would be preferable if the 
project were open source from 
every commit, but we equally re- 
spect the project’s decision and 
motivation. It's hard bootstrapping 
a business, building a new editor, 
and maintaining momentum. 
Hopefully, the project will be suc- 
cessful enough, and so well-funded 
regardless of its licensing restric- 
tions, that the developers will up- 
date their licensing to remove the 
long delay. Either way, Onivim 2 is 
definitely worth seeking out. 





Project Website 
https://www.onivim.io 
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Retro platformer 


Mr. Rescue 


e've looked at the 
LOVE games frame- 
work before. It’s a bril- 


liant way to easily create 2D 
games with the accessible LUA 
language. Many developers have 
already used it to create unique 
and fully fledged games. Mr. Res- 
cue is one of these. Like many of 
the games built using LOVE, Mr. 
Rescue has a lovely pixelated de- 
sign reminiscent of games from 
the 8-bit era, albeit on a console 
with a 24-bit color palette. The 
game's objective is equally posi- 
tive. Rather than trying to destroy 
things, you save people by run- 
ning through an already burning 
building, picking them up, getting 
to a window, and throwing them 
out. There's no mention of their 
fate from this point, especially 


when the buildings can stretch 
dozens of floors into the sky, but 
let's assume there's some sub- 
stantial landing setup waiting for 
them. Another thing to remember 
is to open the window first. 

Your only defenses against the 
fire are your suit, which gets in- 
creasingly damaged the closer 
you get to the flames, and your fire 
extinguisher, used to blast the 
flames with water to make a path 
through the building, as well as to 
smash open windows and doors. 
You can only blast the water for so 
long before needing to wait for the 
pressure to replenish, and your suit 
also needs to be recharged by 
finding coolant capsules as you 
explore the building. If you don't do 
this, you'll eventually overheat and 
the game will be over. In this way, 





Controller editor 


AntiMicroX 


the successor to the X.Org 

windowing system, is ready 
for prime time. Not only are we 
seeing it as the only viable option 
for many embedded and mobile 
devices, several major Linux dis- 
tributions now pick Wayland by 
default. With Valve's Steam Deck 
bringing Linux gaming into the 
spotlight, there are signs that 
NVidia, too, might finally begin 
optimizing its drivers for Way- 
land. But this does mean that cer- 
tain applications relying on X.Org 
might need to be reworked, and 
those would include anything 
with XInput to access games 
controllers. 

AntiMicroX is a graphical con- 
figuration application for games 
controllers that has just finished 
a compatibility transition to Way- 
land, bringing its powerful “assign 


I t finally seems like Wayland, 


anything anywhere’ approach to 
the new desktop. When you con- 
nect a controller, its main window 
will display buttons for every 
input detected on the device, both 
digital and analog. Pressing or 
triggering any input on the con- 
troller will highlight its corre- 
sponding button within the user 
interface. Selecting any one of 
these will open a virtual QWERTY 
keyboard from which you can as- 
sign any key or mouse combina- 
tion to be triggered when the con- 
troller button or axis is activated. 
There are preset bindings for 
common controllers, including 
dead zones to stop movement 
when an analog input is not being 
used and a graphical calibration 
tool for scaling the analog inputs. 
You can save each setup as a 
preset between 7 to 8, and the en- 
tire configuration can be saved as 





If you're looking for some simple, pixelated arcade fun, Mr. Rescue is 


a perfect lunchtime distraction. 


the game builds up momentum as you try and take more 
risks to save people while fighting the fire. When you've 
saved a certain number of people, the level is over and you 
move on to another building. It’s a great game that's bril- 
liantly animated and finely tuned, with a soundtrack that 


could have been produced on a Commodore Amiga in 1988. 


Project Website 
https://tangramgames.dk/games/mrrescue/ 





AntiMicroX offers more configurability options and better preset 
management than Steam, and it now works on Wayland. 


a profile file that’s quickly accessible from a drop-down 
menu. This allows you to create complex controller 
schemes for your games and quickly switch between 
them, regardless of how many buttons you need. 

If you're seriously into gaming, this is a powerful tool 





that can help you get the most out of your hardware con- 


figuration — and especially compensate for any missing 
Linux configuration support. 


Project Website 
https://github.com/AntiMicroX/antimicrox 
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Rendering a perfume bottle with Blender 


Fragrance Workshop 





Blender's massive feature set can seem overwhelming at first. Choosing a 
manageable project can help you get started. 


BY CLAUS CYRNY 


88 DECEMBER 2021 


lender, the free and open source creation 
B suite, includes a modeler, three renderer 

engines, a compositor, a tracker, a nonlin- 
ear video-editing system, a particle system, and 
the ability to animate physical simulations and 
export them as video. Suffice it to say, figuring 
out where to start can be overwhelming. Picking 
a relatively manageable project is key. An easy 
way to start is to model a simple item, such as a 
perfume bottle. For this tutorial, | will model a 
transparent perfume bottle filled with liquid. By 
using concrete but varied shapes, a limited 
scope, and a small number of different materials 
(i.e., surfaces), this tutorial can help take the frus- 
tration out of getting started with Blender. (Note: 
Having some basic previous experience with 
Blender will be helpful in this tutorial). 


Setup 

| always recommend working with the latest ver- 
sion of Blender, which is currently 2.93. However, 
you will find Blender 2.93 in only a few distribu- 
tions. For instance, Ubuntu 21.04 includes 


Figure 1: Selecting with the right mouse button makes it easier to work in Blender. 


Blender Preferences 


Blender 2.83.5, and Fedora provides the latest 
version via updates. If your distribution does not 
have the current release, you can download the 
program as a TAR. XZ file from Blender’s homep- 
age [1] and unpack the archive on your computer. 
Then call the program's binary, blender, or create 
a starter for the desktop environment and link to 
the TAR. XZ file. 

Before getting started, you may want to make 
a couple of adjustments. If English isn’t your 
first language, you can change the localization 
in Edit | Preferences... | Interface under Transla- 
tion. Keep in mind that many of the menus will 
remain in English (and many online tutorials use 
English terminology). 

You may also want to change how you select 
objects with the mouse. In the default Blender 
configuration, you select objects by left-clicking. 
However, | recommend changing the selection 
to the right mouse button. To do this, go to Edit | 
Preferences... | Keymap | Select with Mouse But- 
ton and change the setting from Left to Right 
(Figure 1). 


Setting the Scene 
Blender uses scenes as a way 
to organize work. After startup, 
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Blender displays the standard 
scene: a camera, a light source, 
and acube. You will use the 
cube to model your perfume 
bottle, but before you get 
started, you need to do some 
preliminary work. 

First, you need to define Cycles 
as the renderer and set the 
image dimensions and camera 
settings. By default, Blender uses 
the Eevee render engine. While 
the newer Eevee engine works 
faster, Cycles is better suited for 
rendering realistic objects. To 
change the render engine, go to 
the Render Properties tab in 
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Blender's right sidebar. While 
you are in that tab, you should 
also increase the value for 
Sampling | Render to 512. 
Then, save the scene with a 
meaningful name. 

You can use the default 
scene's camera and cube set- 
tings. To change the light 
source type, select the light 
source, Light, under Scene Col- 
lection and then select the 
characteristic Area instead of 
Point. This type of light source 
will cast more realistic (not so 
harsh) shadows. 

If you are not yet familiar 

















with navigating in Blender, see Figure 2: Modifying the 

the “Navigation” box for some creating an additional camera view by positioning Blender 2.93 interface: The 

basic information. the cursor on the dark gray vertical line between the viewport can be divided into 
With only one view available in the viewport (Fig- | Properties Editor (bottom right) and the 3D view- multiple viewports. 

ure 2), Blender's default interface is not very clear port. A dark gray double arrow with a white border 


cut. | recommend modifying Blender’s interface by —_ will appear. Right-click to pop up a dialog (Figure 3). 


Navigation 

When working with Blender, there are some special features to keep in mind when navigating. 
Similar applications usually work with key combinations of a modifier such as Ctrl, Alt, or Shift 
plus a letter or a number. Blender takes a different approach. It enables many functions via a sim- 
ple keystroke without the modifier key. In many cases, additional keys then follow as an option 
that specifies the selected function. For example, you can enable scaling of an object with S and 
then restrict it to the z-axis with Z (see Table 1 for more key combinations). 


Table 1: Important Key Combinations 





























Key Command 

0 Change to camera view 

1 Change to the front view 

3 Change to the side view 

7 Change to the top view 

G Move an object in the scene (“grab”). This can also be done by right-clicking on 
the object and moving it while holding down the mouse button. G also lets you re- 
strict the function to one axis. For example, pressing G, Z moves you along the z- 
axis, which allows for far more precise modeling of the scene. 

Ss Scale an object either continuously or by a certain factor. Like G, scaling can be 
limited to one axis, for example, by pressing S, X. S, 2, on the other hand, lets you 
double the size of an object. 

E Extrude an object freely or only on one of the three axes (x, y, and z). Eis only 
available in Edit Mode. 

Shift+A Insert objects, sorted by categories (“add”). In the beginning, you probably will be 
working mainly with objects from the Mesh and Light categories. 

F12 Renders the complete image from the roughly calculated scene. Depending on 


the processor, graphics card, and scene size, this step may take awhile. 





Shift+middle-click | Move and rotate the scene in the viewport. Alternatively, click on the hand icon 
top right in the viewport and move the view by dragging the mouse while holding 
down the left mouse button. 
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Vertical Split 
Horizontal Split 
































Figure 3: Right-click on the edge of the viewport to split 
the view. 


Under Area Options, select Vertical split. Then drag 
the gray line to the left until you see two identical 
viewports. To make the right viewport show the 
camera's viewing angle, switch to Camera View 
with the mouse, press the left mouse button once, 
and then press 0 on the number pad. 

If you want Blender to always use this viewport 
setup when creating a new Blender scene, save it 


Figure 5: The Bevel Modifier rounds 
off the bevel’s hard edge to avoid cre- 
ating hard shadows. 
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Figure 4: The bevel in the background provides a smooth 
transition between the object and the scene. 


by selecting File | Defaults | Save Startup File. This 
view will now be the permanent default that you 
will see each time you start Blender. 


Background 

Next, you need create a background with a bevel 
(Figure 4). Press 7 to switch to the top view, fol- 
lowed by Shift+A, and select Add | Mesh | Plane to 
create a new layer on the scene. 

Switch to Edit Mode (see the “Blender Modes” 
box) and click on the Edge Select button. Select 
the edge farthest away from the camera and ex- 
trude it into the Z axis with E,Z so that the newly 
created second plane is at a right angle to the 
first plane. 

Next you need to apply a bevel modifier to round 
the right angle to form a sloping edge. Switch to 
Object Mode and then click on the blue wrench 
icon in the Properties Editor on the far right. In the 


Figure 6: Starting with the default cube, you can create a relatively flat-topped pyramid. 


Add Object 
— 
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Blender Modes 


Blender has six modes; the two most impor- 
tant modes are Object Mode and Edit Mode. 
You can switch between these two modes by 


pressing the tab key. In Object Mode, you cre- 
ate 3D objects and move them as a whole by 
pressing G. You also assign materials to ob- 

jects in this mode. You use Edit Mode to edit 

the shape of the objects. 





menu that opens, select Add Modifier | Bevel to 
add a modifier to the connected layers. Leave the 
Amount parameter at 0.7, and increase the Seg- 
ments parameter to 6 (Figure 5). 

While still in Object Mode, smooth the bevel by 
going to Object | Shade Smooth (top left in the 
viewport). Position the bevel and the camera so 
that the bevel fills the entire viewport. If you want, 
you can save this setup as the new default by se- 
lecting File | Defaults | Save Startup File. 


Make a Bottle 
To get started on rendering your bottle, simply use 
the cube already present in the scene. In Object 
Mode, you can scale the cube along the z-axis by 
pressing S,Z until you get the desired bottle height 
(minus a cap on top - that step comes later). 
Next, move your bottle — you will adjust the bottle 
shape later — to the front view (press 7). Then 
press G,Z until the bottle’s base rests exactly on 
the bevel plane. Now press the tab key to switch 
to Edit Mode, select the top square of the cube 
using Face select, and scale the top square down 
to create a flat-topped pyramid (Figure 6). 

Now toggle back to Object Mode using the tab 
key and assign a material to the pyramid by select- 
ing a glass shader under Properties | Material Prop- 


Figure 7: Wall options: You can assign the cube wall a 
thickness, as well as choose a transparent material. 


erties on the far right. Mouse over Surface | Princi- 
pled BSDF and change the option to Glass BSDF. 
Leave the Roughness at the default value, and 
change the JOR (Index of Refraction) parameter to 
1,330 for glass. As soon as you select Viewport 
Shading | Rendered, the cube becomes transparent. 

Toggle to Edit Mode (with the tab key) and 
press A to select the entire cube. Next press L,P 
and select Separate | Selection. The cube’s edge 
should now glow a bright red-orange, which will 
help you keep track of it later. The selected edge 
has become a separate object. Now switch back 
to Object Mode. 

In the next step, give the wall (the edge) a thick- 
ness by applying a Solidify modifier. First, set 
Viewport Shading | Wireframe and then go to Prop- 
erties | Modifier Properties. Under Add Modifier, se- 
lect Solidify. As shown in Figure 7, the cube's wall 
now has a thickness, which you can set using the 
Thickness parameter. 

Now, you need to set the camera and the image 
dimensions by going to Properties | Output Proper- 
ties (on the right). Set Resolution | X to something 
like 925px and Resolution | Y to 1080px. Then, 
right-click to select the camera. You can do this ei- 
ther in the viewport or in the Outliner. 

To configure the camera, set Properties | Object 
Data Properties (the second icon at the bottom 
with the green camera) to Focal Length 35mm. 
Then use G to move the viewport up so that there 
is enough space for the bottle’s cap. 


Add Perfume 

After you have modeled your bottle, you next need 
to fill the bottle with perfume. Create a new cube 
in the front view (7) using Shift+A and position the 
cube accordingly (Figure 8). Use G and S to move 
the cube until it fits exactly inside the bottle — just 
like real perfume. 


Figure 8: A second cube inside the perfume bottle forms 
the space filled by the liquid. 
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Figure 9: Select the four top 

edges of the cube and To adapt the cube shape (perfume) to the flat- 
adjust them to the size of topped pyramid shape (bottle), follow the same 

the perfume bottle. steps you used to scale the bottle. In User Perspec- 


tive view (on the left), select the four upper edges of 
the cube with Edit Mode | Edge select and scale 
them until they fit exactly into the bottle (Figure 9). 

Press 7 to activate the front view and scale 
the selected edges so that they fit exactly inside 
the bottle. Then, in Vertex select mode, 
adjust the top edges with a combination 
of scaling (S) and moving (G) so that 
they look like Figure 10. 

Now you are ready to assign a mate- 
rial to the perfume cube. Choose a trans- 


Figure 10: The perfume does not have to com- 
pletely fill the inside of the bottle: Leave approxi- 
mately the top third empty. 
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parent, slightly amber material following the 
exact steps you did for the bottle (Properties | 
Material Properties | New). Under Surface, select 
Glass BSDF, and select a slightly yellowish or- 
ange color. 

The perfume in the bottle currently looks too 
dark, so set the gamma to 7.8 via Properties | 
Render Properties | Color Management | Gamma. 
Now the perfume, as well as the whole scene, 
should appear much brighter. Use the top view 
(7) to check whether the perfume is centered 
exactly in the bottle; correct the position with G 
if necessary. 


Label It 

Your perfume bottle now needs a label on the 
front of the bottle. This process, known as UV 
Mapping, seems a little complicated at first. How- 
ever, once you've done it a few times, it turns out 
not to be that difficult. Working in parallel, you will 
need to use Blender and a graphics program that 
supports layers to make your label. (I used Gimp 
for this tutorial.) 

Use the tab key to switch to Object Mode and 
press A to select the bottle without the perfume. 
Then press Ctrl+A and select Apply | Scale — you 
must do this because you have scaled the cube. 
Call Ctrl+E and run Mark Seam. This will make the 
edges of the bottle appear a reddish orange. Next, 
press U and Unwrap, which unwraps the frame- 
work of the bottle on a plane, similar to unfolding 
a paper cube. 

Next, you'll use the UV Editor to export the UV 
Layout, and then edit the label in your graphics 


Figure 11: The bottle modeled as a 3D object with the UV layout 
rolled out flat below it. 
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Figure 12: You can create the bottle’s label in an image edi- 
tor such as Gimp. 


program and import the finished layout back into 
Blender. To get to the UV Editor, click on the small 
clock icon at bottom left in the Timeline editor. 
Change Timeline to UV Editor and drag the view- 
port up a bit (Figure 11). 

Select the UV Editor and run UV | Export UV Lay- 
out. Save the layout as a PNG and then import it 
into your graphics program as the bottom layer. 
You now insert your desired label text in the 
graphics program. Make sure to rotate the text's 
orientation to 90 degrees (Figure 12). 

Next, delete the bottom layer containing the UV 
Layout or temporarily hide the layer by pressing the 
eye icon. Once you've done this, export the label 
back to Blender. Keep the graphics program with the 
label file open in case you need to make corrections. 
If necessary, you can easily restore the deleted UV 
layout with Ctrl+Z and continue working with it. 





To reimport the label text file into Blender, 
switch from the UV Editor to the Shader Editor 
and create the necessary nodes as shown in 
Figure 13. This relatively complicated setup is 
due to the bottle’s transparent material. Once 
you've successfully added the nodes, you can 
view the label on the bottle. If the label is not 
quite right, switch back to the graphics program 
and edit the text. 


Put a Cap on It 

You can easily create a cap for your bottle using a 
black cube and a bevel modifier to round off the 
cube's edges. In Object Mode, position the 3D cur- 
sor (Figure 2) over the bottle, and create a cube 
with Ctrl+A. Press S to scale the cube so that it fits 
nicely on the bottle. 

Then create a new material and color it 
black. This time, choose the Principled BSDF 
option. Now switch to Properties | Modifier 
Properties and use Add Modifier | Bevel to cre- 
ate a bevel modifier and round off the cap’s 
edges. Leave the Amount at the default value, 
and increase the number of Segments to 6. 
Now apply Object | Shade Smooth to complete 
your bottle cap. 


Insert Tube 

Finally, create the fine tube used to connect the 
atomizer (hidden by the cap) to the perfume in 
the bottle. Simply create a path in Object Mode 
with Ctrl+A and use Add | Curve | Path. Move or 
rotate the path with G and R until it is vertical. 
Then switch to Edit Mode and move the lowest 
control point slightly to the right to create a slight 
curve in the tube. 


Figure 13: Setting up the nodes in the Shader Editor. The nodes make the material of the bottle appear transparent. 
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Once you are satisfied with the curve,add some _ their experiences and techniques. My final ad- 
volume to the path by selecting Properties | Object vice: Don't give up too quickly! sas 
Data Properties | Geometry | Bevel | Round. |n- 
crease the Resolution parameter to 4. Finally, the | info. | 
tube needs to be transparent. You can use the 
same material as you used for the glass bottle. As 
a final step, position the tube in the center of the 





{1] Download Blender: 
https://www.blender.org/download 


bottle with G. [2] Blender support: 
All done! Figure 14 shows the completed per- https://www. blender.org/support/ 
fume bottle. [3] Blender 3D Meetups: 


https://www.meetup.com/topics/blender-3d 
Conclusions 
The longer you work with Blender, the more intu- The Author 
itive the above steps will become. Considering 
everything possible with Blender, this perfume 
bottle tutorial is only a modest beginning. If you 
get stuck as you venture forth with Blender, 
don't hesitate to ask for help, perhaps ona 
Blender forum [2], or look for a Blender Meetup 
[3] where users get together in person and share 


Claus Cyrny has been working with graphics 
since 1996. He has used Linux since 2002 


with Ubuntu Mate 20.04 currently installed. 
Claus has worked with Blender intensively 
since 2018. He enjoys playing guitar, 
blogging, painting, and photography. 





Figure 14: The finished product. 
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= P Linux From Scratch 


Building an operating system is not like compiling a desktop app. You'll need to create a 
complete development environment - and if you follow the steps carefully, you'll emerge with 
a deeper understanding of Linux. 
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Inside the Kernel 


The only real way to celebrate the 30th anniversary of Linux is to write about 
Linux itself — not the agglomeration of software we know as a Linux distro, 
but the real Linux — the beating heart in the center of it all: the Linux kernel. 


On the DVD: AlmaLinux Minimal 8.4 and SystemRescueCd 8.03 


#249/August 2021 


‘ Turn Your Android into a Linux PC 


UserLAnd lets you run Linux applications on your Android phone — all without replacing 
Android OS. 


On the DVD: openSUSE Leap 15.3 and Kubuntu 21.04 Desktop 


#248/July 2021 


Brain Tools 


Sometimes you want the computer to think for you, and sometimes you want the computer 
to make you think. This month we present a selection of free Linux tools for learning and 
thinking. 


On the DVD: Ubuntu 21.04 and Fedora 34 Workstation 


#247/June 2021 
Post-Quantum Encryption 


Quantum computers are still at the experimental stage, but mathematicians have already 
discovered some quantum-based algorithms that will demolish the best of our current 
encryption methods. What better time to look for quantum encryption alternatives? 


On the DVD: Knoppix 9.1 and ZORIN OS 15.3 Core 
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MBG! Events 


FEATURED 
EVENTS 


Users, developers, and vendors meet at Linux events around the world. } 
We at Linux Magazine are proud to sponsor the Featured Events shown here. 

For other events near you, check our extensive events calendar online at 

https://www.linux-magazine.com/events. 


If you know of another Linux event you would like us to add to our calendar, 
please send a message with all the details to events@/inux-magazine.com. 





NOMA L@= IBY=WZ-1(0) ol =1a'AY(-1=),. elle) ef-) Cloud Expo Europe 





Be sure to check the event Date: December 7-8, 2021 Date: December 8-9, 2021 

we before booking any Location: Virtual Event Location: Frankfurt, Germany 

travel, as many events are ; Website: https:/www.developerweek.com/ Website! https://www.cloudexpoeurope. 
being canceled or converted global/conference/enterprise/ de/en 

to virtual events due to the DeveloperWeek Global: Enterprise Cloud Expo Europe is back! If you design, 


effects of COVID-19. Conference invites more than 3,000 manage, or build digital transformation 
enterprise dev professionals to converge __ initiatives and technology architecture, 
for a 2-day virtual conference and expo, you should join us at Messe Frankfurt on 


featuring technology innovations and the 8-9 of December 2021! It is a unique 
trends that corporations need to know opportunity to meet with suppliers, listen, 
about. Topics will include: DevSecOps, and seek advice from industry experts 
Organizing Dev Teams, DevTech Trends, _ free of charge. Your Cloud Expo Europe 
Microservices, Containers, Kubernetes, ticket also gives you free access to co- 
and more. located events Big Data & Al World 


Frankfurt & “Data Centre World Frankfurt. 


Bl Events 


DeveloperWeek Global: Enterprise December 7-8 Virtual Event https://www.developerweek.com/global/conference/ 
enterprise/ 

Cloud Expo Europe December 8-9 Frankfurt, Germany https://www.cloudexpoeurope.de/en 

Big Data World Frankfurt December 8-9 Frankfurt, Germany https:/\www.bigdataworldfrankfurt.de/ 

Data Centre World 2021 December 8-9 Frankfurt, Germany https://www.datacentreworld.de/data-centre-world-2020 

KubeCon + CloudNativeCon + December 9-10 Virtual Event https://www.|fasiallc.com/kubecon- 

Open Source Summit China cloudnativecon-open-source-summit-china/ 

Open Source Summit Japan December 14-15 Virtual Event https://events.linuxfoundation.org/ 

Open Compliance Summit December 16 Virtual Event https://events.linuxfoundation.org/ 

DeveloperWeek February 2-4 Virtual Event https://www.developerweek.com/ 

SCALE 19x March 3-6 Pasadena, California _https://register.socallinuxexpo.org/reg6/ : 

6 

Open Networking & Edge March 8-9 Antwerp, Belgium https://events.linuxfoundation.org/about/calendar/ w 

Summit Europe 2022 q 

CloudFest 2022 March 22-24 Europa-Park, Germany https://registration.cloudfest.com/registration?code= 2 
CFMEDIA22 = 

KubeCon + CloudNativeCon May 17-20 Valencia, Spain https://events.linuxfoundation.org/ < 

OpenJS World 2022 June 7-8 Austin, Texas https://events.linuxfoundation.org/openjs-world/ : 
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CALL FOR PAPERS 


We are always looking for good articles on Linux and the tools of 
the Linux environment. Although we will consider any topic, the 
following themes are of special interest: 


+ System administration 

+ Useful tips and tools 

* Security, both news and techniques 

+ Product reviews, especially from real-world experience 
* Community news and projects 


If you have an idea, send a proposal with an outline, an estimate of 
the length, a description of your background, and contact information 
to edit@linux-magazine.com. 
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The technical level of the article should be consistent with what you 
normally read in Linux Magazine. Remember that Linux Magazine 
is read in many countries, and your article may be translated into 
one of our sister publications. Therefore, it is best to avoid using 
slang and idioms that might not be understood by all readers. 


Be careful when referring to dates or events in the future. Many 
weeks could pass between your manuscript submission and the 
final copy reaching the reader's hands. When submitting propos- 
als or manuscripts, please use a subject line in your email mes- 
sage that helps us identify your message as an article proposal. 
Screenshots and other supporting materials are always welcome. 
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NEXT MONTH 


OOEB Issue 254 


UK / Europe Dec 04 
USA / Canada Dec 31 
Australia Jan 31 


Issue 254 / January 2022 On Sale Date 


Please note: On sale dates are 
approximate and may be delayed 
L 


because of logistical issues. 


Open source developers have labored for 
years to bring Linux to the smartphone. 
PostmarketOS is gaining attention as a 
cross-platform alternative modeled on 
traditional Linux distros. 
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hs} DECEMBER 2021 ISSUE 253 INTO WT NGyAVAIN | =u @1@)\V/ al NL OD. ed OVP NGI VAIN | was GR @) V7 





Custom Tailored Suit 


Select essential parts for your mobile computing needs 


Se FA 


Processor Graphics Card System Memory Data Storage Network 
Intel or AMD CPU Integrated or dedicated Upgrade any time Fast, large and switchable Wireless, Cellular 
or Gigabit LAN 


4 5 ®@ Om & 


100% Year Lifetime Built in German Local 
Linux Warranty Support Germany Privacy Support 
COMPUTERS 


B® tuxedocomputers.com 
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CLOUD SERVER 


STARTING AT 
°3.39 
monthly 

HETZNER CLOUD SERVER CPX11 HIGH QUALITY - UNBEATABLE PRICES 
SS ce DEPLOY YOUR 
7 40 GB NVMe SSD. epvt © HETZNER CLOUD 
7 Intultve Clue Console RSA INOINI DY eis 
v Located in Germany, 1 0 SECONDS! 


ailaltclate Me)ml Ubsy.\ 


MANAGE YOUR CLOUD QUICK AND EASY WITH FEATURES LIKE 
LOAD BALANCER, FIREWALLS, ONE CLICK APPS AND MANY MORE! 


GET YOUR CLOUD NOW at 


@ +1 646 6858477 CLOUD.HETZNER.COM 





